TY - GEN
T1 - Security Compliance in Agile Software Development
T2 - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020
AU - Moyon, Fabiola
AU - Almeida, Pamela
AU - Riofrio, Daniel
AU - Mendez, Daniel
AU - Kalinowski, Marcos
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/8
Y1 - 2020/8
N2 - Companies adopting agile development tend to face challenges in complying with security norms. Existing research either focuses on how to integrate security into agile methods or on discussing compliance issues of agile methods but independently of the regulation type, in particular of security standards. A comprehensive overview of this scattered field is still missing and we know little about how to achieve security compliance in agile software development. Existing secondary studies (mapping studies and literature reviews) analyze publications on secure agile development, but they do not analyze implications of security standard compliance, e.g., integration of specific standard requirements or compliance assessments. To close this gap, we report on a systematic mapping study. Starting with a set of 2,383 papers, our work distills 11 relevant publications addressing security compliance in agile software development. With this study, we contribute by describing the maturity of the field, as well as domains where security compliant agile software engineering was investigated. Moreover, we make explicit which phases of a secure development process are covered by the field and which agile principles are analyzed when aiming at compliance with international security standards, country-specific security regulations, industry-specific security standards, and other well-known security frameworks.
AB - Companies adopting agile development tend to face challenges in complying with security norms. Existing research either focuses on how to integrate security into agile methods or on discussing compliance issues of agile methods but independently of the regulation type, in particular of security standards. A comprehensive overview of this scattered field is still missing and we know little about how to achieve security compliance in agile software development. Existing secondary studies (mapping studies and literature reviews) analyze publications on secure agile development, but they do not analyze implications of security standard compliance, e.g., integration of specific standard requirements or compliance assessments. To close this gap, we report on a systematic mapping study. Starting with a set of 2,383 papers, our work distills 11 relevant publications addressing security compliance in agile software development. With this study, we contribute by describing the maturity of the field, as well as domains where security compliant agile software engineering was investigated. Moreover, we make explicit which phases of a secure development process are covered by the field and which agile principles are analyzed when aiming at compliance with international security standards, country-specific security regulations, industry-specific security standards, and other well-known security frameworks.
KW - Agile Software Engineering
KW - Secure Software Engineering
KW - Security Compliance
KW - Systematic Mapping Study
UR - https://www.scopus.com/pages/publications/85096603749
U2 - 10.1109/SEAA51224.2020.00073
DO - 10.1109/SEAA51224.2020.00073
M3 - Contribución a la conferencia
AN - SCOPUS:85096603749
T3 - Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020
SP - 413
EP - 420
BT - Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020
A2 - Martini, Antonio
A2 - Wimmer, Manuel
A2 - Skavhaug, Amund
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 26 August 2020 through 28 August 2020
ER -