Challenges and Solutions for Addressing Software Security in Agile Software Development: A Literature Review and Rigor and Relevance Assessment

Challenges and Solutions for Addressing Software Security in Agile Software Development: A Literature Review and Rigor and Relevance Assessment

Ronald Jabangwe (University of Southern Denmark, Odense M, Denmark), Kati Kuusinen (University of Southern Denmark, Odense, Denmark), Klaus R. Riisom (University of Southern Denmark, Odense, Denmark), Martin S. Hubel (University of Southern Denmark, Odense, Denmark), Hasan M. Alradhi (University of Southern Denmark, Odense M, Denmark) and Niels Bonde Nielsen (University of Southern Denmark, Odense S, Denmark)
DOI: 10.4018/IJSSSP.2018010101

Abstract

There has been a surge in the number of software security threats and vulnerabilities in recent times. At the same time, expectations towards software and data security are growing. Thus, there is a need to ensure that security-related tasks are effectively integrated in the software development processes. However, integrating security practices with agile software development is not trivial due to, for instance, differences in process dynamics and the concentration on functional vs non-functional requirements. In this article, the authors present a literature review on the challenges and solutions when adopting security in an agile software development context. Their findings suggest that there are ongoing efforts to integrate security-practices in agile methods, but more research is needed to make the processes more optimized and simpler for developers. A rigor and relevance assessment on primary studies highlights a need for improving the manner in which studies on the topic are performed as well as reported.
Article Preview
Top

A review published in 2013 (Ghani and Yasin, 2013) suggests that eXtreme Programming (XP) needs to be extended to include security practices, roles and guidelines to help build secure systems. The authors argue that XP already supports adoption of security-related practices. They give an example that pair-programming and coding standards are practices that can be useful for enhancing secure coding practices. On the other hand, it can also be argued that poor coding rules and practices can be a source of vulnerabilities (Liaqat et al., 2015).

There is evidence that integration of security into Feature-driven development (FDD) can be useful to IT organizations (Arbain et al., 2014). However, a systematic literature review published in 2014 found no frameworks or methods that apply or incorporate security for Feature-driven development (Arbain et al., 2014).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 11: 2 Issues (2020): Forthcoming, Available for Pre-Order
Volume 10: 2 Issues (2019): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2018)
View Complete Journal Contents Listing