How to Integrate Security Compliance Requirements with Agile Software Engineering at Scale?
Technical University of Munich and Siemens, DEU.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. fortiss GmbH, DEU. ORCID iD: 0000-0003-0619-6027
Social Engineering Academy, DEU.
Technical University of Munich, DEU.
2020 (English). In: Lecture Notes in Computer Science / [ed] Morisio M., Torchiano M., Jedlitschka A., Springer Science+Business Media B.V., 2020, Vol. 12562, p. 69-87. Conference paper, Published paper (Refereed)
Abstract [en]

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: an extension of the Scaled Agile Framework that is compliant with the security standard IEC 62443-4-1 for secure product development. In this paper, we present the framework and its evaluation by agile and security experts within Siemens' large-scale project ecosystem. We discuss benefits and limitations as well as challenges from a practitioners' perspective. Our results indicate that S2C-SAFe contributes to successfully integrating security compliance with lean and agile development in regulated environments. We also hope to raise awareness of the importance and challenges of integrating security in the scope of Continuous Software Engineering. © 2020, Springer Nature Switzerland AG.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2020. Vol. 12562, p. 69-87
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349
Keywords [en]
Scaled Agile Framework, Secure software engineering, Security standards, Process engineering, Public utilities, Regulatory compliance, Agile development, Agile software development, Agile software engineering, Continuous software engineerings, Integrating security, Large-scale projects, Security compliance, Software design
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-20884
DOI: 10.1007/978-3-030-64148-1_5
ISI: 000766320200005
Scopus ID: 2-s2.0-85097649050
ISBN: 9783030641474 (print)
OAI: oai:DiVA.org:bth-20884
DiVA, id: diva2:1514357
Conference
21st International Conference on Product-Focused Software Process Improvement, PROFES 2020, Turin, Italy, 25 November 2020 through 27 November 2020
Part of project
SERT - Software Engineering ReThought, Knowledge Foundation
Available from: 2021-01-05 Created: 2021-01-05 Last updated: 2023-01-02 Bibliographically approved

Open Access in DiVA

fulltext (7821 kB), 150 downloads
File information
File name: FULLTEXT01.pdf
File size: 7821 kB
Checksum SHA-512: c8f01ddbebec86ed07787879bb56244c820185d5b03f7719b22d0deadbbc9443b42e76ddac51553b928cd66441b2029c85500fb260783288b720fa37373e3d15
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text
Scopus

Authority records

Mendez, Daniel

Total: 150 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.
