| Title: | Identifying key activities, artifacts and roles in agile engineering of secure software with hierarchical clustering |
|---|
| Authors: | ID Mihelič, Anže (Author)
ID Hovelja, Tomaž (Author)
ID Vrhovec, Simon (Author) |
|---|
| Files: |  https://www.mdpi.com/2076-3417/13/7/4563
 applsci-13-04563.pdf (557,17 KB)
MD5: 9BC54D736950D301EAE16C0E6500E48E
https://www.mdpi.com/2076-3417/13/7/4563
|
|---|
| Language: | English |
|---|
| Work type: | Scientific work |
|---|
| Typology: | 1.01 - Original Scientific Article |
|---|
| Organization: | FVV - Faculty of Criminal Justice and Security
|
|---|
| Abstract: | Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security. |
|---|
| Keywords: | secure software development, security engineering, agile methods, agile development, software development, software engineering, software security, application security, cybersecurity, cyber resilience |
|---|
| Publication status: | Published |
|---|
| Publication version: | Version of Record |
|---|
| Submitted for review: | 27.01.2023 |
|---|
| Article acceptance date: | 29.03.2023 |
|---|
| Publication date: | 04.04.2023 |
|---|
| Year of publishing: | 2023 |
|---|
| Number of pages: | 16 str. |
|---|
| Numbering: | Vol. 13, iss. 7 |
|---|
| PID: | 20.500.12556/DKUM-86418  |
|---|
| UDC: | 004.056 |
|---|
| ISSN on article: | 2076-3417 |
|---|
| eISSN: | 2076-3417 |
|---|
| COBISS.SI-ID: | 147677699 |
|---|
| DOI: | 10.3390/app13074563 |
|---|
| Publication date in DKUM: | 29.11.2023 |
|---|
| Views: | 417 |
|---|
| Downloads: | 12 |
|---|
| Metadata: |    |
|---|
| Categories: | Misc.
|
|---|
|
:
|
Copy citation |
|---|
| | | | Average score: | (0 votes) |
|---|
| Your score: | Voting is allowed only for logged in users. |
|---|
| Share: |  |
|---|
Hover the mouse pointer over a document title to show the abstract or click
on the title to get all document metadata. |
