{"title":"敏捷团队中软件安全技能、使用和培训需求的轻量级度量","authors":"Tosin Daniel Oyetoyan, M. Jaatun, D. Cruzes","doi":"10.4018/IJSSE.2017010101","DOIUrl":null,"url":null,"abstract":"Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. To improve security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that 1 The two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered 2 regardless of cost or benefit, skill drives the kind of activities that are performed 3 Secure design is expressed as the most important training need by all groups in both organizations 4 Effective software security adoption in agile setting is not automatic, it requires a driver.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"38 1","pages":"1-27"},"PeriodicalIF":0.0000,"publicationDate":"2017-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams\",\"authors\":\"Tosin Daniel Oyetoyan, M. Jaatun, D. Cruzes\",\"doi\":\"10.4018/IJSSE.2017010101\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. To improve security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that 1 The two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered 2 regardless of cost or benefit, skill drives the kind of activities that are performed 3 Secure design is expressed as the most important training need by all groups in both organizations 4 Effective software security adoption in agile setting is not automatic, it requires a driver.\",\"PeriodicalId\":89158,\"journal\":{\"name\":\"International journal of secure software engineering\",\"volume\":\"38 1\",\"pages\":\"1-27\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of secure software engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSE.2017010101\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSE.2017010101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams
Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. To improve security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that 1 The two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered 2 regardless of cost or benefit, skill drives the kind of activities that are performed 3 Secure design is expressed as the most important training need by all groups in both organizations 4 Effective software security adoption in agile setting is not automatic, it requires a driver.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
