Publikationer från Malmö universitet
Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting
Malmö högskola, Fakulteten för teknik och samhälle (TS). Malmö högskola, Internet of Things and People (IOTAP).ORCID-id: 0000-0002-8512-2976
2015 (engelsk)Inngår i: ARES Conference International Conference on Availability, Reliability and Security 2015, IEEE, 2015Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., Security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., The baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., More than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., For security, was 1% in the previous development process.

sted, utgiver, år, opplag, sider
IEEE, 2015.
Emneord [en]
Security, agile method, industrial setting, risk analysis, software development
HSV kategori
Identifikatorer
URN: urn:nbn:se:mau:diva-12639DOI: 10.1109/ARES.2015.45ISI: 000380572600002Scopus ID: 2-s2.0-84961588803Lokal ID: 19776OAI: oai:DiVA.org:mau-12639DiVA, id: diva2:1409686
Konferanse
The 10th International Conference on Availability, Reliability and Security (ARES), Toulouse, France (2015)
Tilgjengelig fra: 2020-02-29 Laget: 2020-02-29 Sist oppdatert: 2024-02-05bibliografisk kontrollert

Open Access i DiVA

fulltekst(432 kB)339 nedlastinger
Filinformasjon
Fil FULLTEXT01.pdfFilstørrelse 432 kBChecksum SHA-512
9f40bfad8a896389be2e280a3fee9684c6306c4c16496e34e218458c6c78a15ffd92246fd666e770d57fd0c439f57033cf4f60f80b9edaecc85cadefdaccb24a
Type fulltextMimetype application/pdf

Andre lenker

Forlagets fulltekstScopushttp://www.ares-conference.eu/conference/conference-2/

Person

Jacobsson, Andreas

Søk i DiVA

Av forfatter/redaktør
Jacobsson, Andreas
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar
Totalt: 339 nedlastinger
Antall nedlastinger er summen av alle nedlastinger av alle fulltekster. Det kan for eksempel være tidligere versjoner som er ikke lenger tilgjengelige

doi
urn-nbn

Altmetric

doi
urn-nbn
Totalt: 69 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf