A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting

DSpace Repository

A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting

Show full item record

Files for download

Main article
Facebook

Simple item record

Publication Conference Paper, peer reviewed
Title A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting
Author(s) Baca, Dejan ; Boldt, Martin ; Carlsson, Bengt ; Jacobsson, Andreas
Date 2015
Editor(s) O’Conner, Lisa
English abstract
A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., Security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., The baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., More than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., For security, was 1% in the previous development process.
DOI http://dx.doi.org/10.1109/ARES.2015.45 (link to publisher's fulltext)
Publisher IEEE
Host/Issue ARES Conference International Conference on Availability, Reliability and Security 2015;
ISBN 978-1-4673-6590-1
Pages 11 - 19
Language eng (iso)
Subject(s) Security
agile method
industrial setting
risk analysis
software development
Technology
Research Subject Categories::TECHNOLOGY
Note The 10th International Conference on Availability, Reliability and Security (ARES). Toulouse, France, 24-28th August 2015
Handle http://hdl.handle.net/2043/19776 (link to this page)
Link http://www.ares-conference.eu/conference/conference-2/ (external link to related web page)

This item appears in the following Collection(s)

Show full item record

Search


Browse

My Account

Statistics