IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v15y2023i1p801-d1022617.html
   My bibliography  Save this article

Agile Development of Secure Software for Small and Medium-Sized Enterprises

Author

Listed:
  • Anže Mihelič

    (Faculty of Criminal Justice and Security, University of Maribor, Kotnikova 8, 1000 Ljubljana, Slovenia)

  • Simon Vrhovec

    (Faculty of Criminal Justice and Security, University of Maribor, Kotnikova 8, 1000 Ljubljana, Slovenia)

  • Tomaž Hovelja

    (Faculty of Computer and Information Science, University of Ljubljana, Večna Pot 113, 1000 Ljubljana, Slovenia)

Abstract

Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.

Suggested Citation

  • Anže Mihelič & Simon Vrhovec & Tomaž Hovelja, 2023. "Agile Development of Secure Software for Small and Medium-Sized Enterprises," Sustainability, MDPI, vol. 15(1), pages 1-23, January.
    • Handle: RePEc:gam:jsusta:v:15:y:2023:i:1:p:801-:d:1022617
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/1/801/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2071-1050/15/1/801/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. A. F. Tappenden & T. Huynh & J. Miller & A. Geras & M. Smith, 2006. "Agile Development of Secure Web-Based Applications," International Journal of Information Technology and Web Engineering (IJITWE), IGI Global, vol. 1(2), pages 1-24, April.
    2. Frederik M. Fowler, 2019. "Navigating Hybrid Scrum Environments," Springer Books, Springer, number 978-1-4842-4164-6, September.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Cristian Fagarasan & Ciprian Cristea & Maria Cristea & Ovidiu Popa & Adrian Pisla, 2023. "Integrating Sustainability Metrics into Project and Portfolio Performance Assessment in Agile Software Development: A Data-Driven Scoring Model," Sustainability, MDPI, vol. 15(17), pages 1-25, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Tugba Karabiyik & Aparajita Jaiswal & Paul Thomas & Alejandra J. Magana, 2020. "Understanding the Interactions between the Scrum Master and the Development Team: A Game-Theoretic Approach," Mathematics, MDPI, vol. 8(9), pages 1-21, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jsusta:v:15:y:2023:i:1:p:801-:d:1022617. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.