Title:Identifying key activities, artifacts and roles in agile engineering of secure software with hierarchical clustering
Authors:Mihelič, Anže (Author)
Hovelja, Tomaž (Author)
Vrhovec, Simon (Author)
Files:URL https://www.mdpi.com/2076-3417/13/7/4563
 
.pdf applsci-13-04563.pdf (557,17 KB)
MD5: 9BC54D736950D301EAE16C0E6500E48E
Language:English
Work type:Scientific work
Typology:1.01 - Original Scientific Article
Organization:FVV - Faculty of Criminal Justice and Security
Abstract:Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Keywords:secure software development, security engineering, agile methods, agile development, software development, software engineering, software security, application security, cybersecurity, cyber resilience
Publication status:Published
Publication version:Version of Record
Submitted for review:27.01.2023
Article acceptance date:29.03.2023
Publication date:04.04.2023
Year of publishing:2023
Number of pages:16 pp.
Numbering:Vol. 13, iss. 7
PID:20.500.12556/DKUM-86418
UDC:004.056
ISSN on article:2076-3417
eISSN:2076-3417
COBISS.SI-ID:147677699
DOI:10.3390/app13074563
Publication date in DKUM:29.11.2023
Views:417
Downloads:12
Categories:Misc.

Record is a part of a journal

Title:Applied sciences
Shortened title:Appl. sci.
Publisher:MDPI
ISSN:2076-3417
COBISS.SI-ID:522979353

Licences

License:CC BY 4.0, Creative Commons Attribution 4.0 International
Link:http://creativecommons.org/licenses/by/4.0/
Description:This is the standard Creative Commons license that gives others maximum freedom to do what they want with the work as long as they credit the author.
Licensing start date:04.04.2023
