To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evid...

Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated ...

Software security is about creating software that keeps performing as intended even when exposed to an active attacker. However, it is impossible to prevent all security flaws and vulnerabilities, since you will always have limited resources, in terms of time, money, and/or expertise. It is thus mos...

Software security is about creating software that keeps performing as intended even when exposed to an active attacker. However, it is impossible to prevent all security flaws and vulnerabilities, since you will always have limited resources, in terms of time, money, and/or expertise. It is thus mos...

Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have ina...

Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on chall...