To main content

SoS-Agile - Science of Security for Agile Software Development

SoS-Agile - Science of Security for Agile Software Development

You are here:

About  - People  - Partners  - Blog  - Publications  - Events

Articles

IJSSE

09 July 2018

Special Issue On Secure Software Engineering in DevOps and Agile Development

Life is not a game - or is it?

06 January 2017

Learn to Play Protection Poker like a shark!

An Empirical Study on the Relationship between Software Security Skills, Usage and Training needs in Agile Settings

06 September 2016

Protecting organizations assets from malicious attackers is critical in today’s highly threatened environment. The threats landscape is continuously changing. Unfortunately, many organizations still lack an overview regarding what there developers and the rest of the stakeholders are doing to protect their assets. The agile paradigm adds a layer of complexity to software security. Critics have argued that security engineering process does not fit the agile process because it is very heavy. Proposed approaches to integrate security activities into agile have also been criticised to look similar to the traditional versions in terms of workload. As a result, ‘agile’ organizations have approached software security in a way that fits their process and practices. Statistics show that more than 70% of reported vulnerabilities are in the application layer and not the network. Thus, regardless of whether agile is incompatible with secure software development, the major discussion we should have is how to improve security within the agile context. To improve software security practices to  “adequate” level for an organization requires that we know what we are doing well and understand what the gap areas are.

What are the factors influencing testing of non-functional requirements in agile teams?

01 September 2016

Non-functional requirements define the overall qualities or attributes of a system. Although important, they are often neglected for many reasons, such as pressure of time and budget...

JiraSecPlugin

16 August 2016

JiraSecPlugin - JIRA plugin is a simple to use plugin for classifying recorded issues as security related or not. It is based on artificial intelligence algorithms. By default, the plugin comes with a trained model built on a comprehensive set of security terms that we divided into four categories: 1. Personally Identifiable Information (PII), 2. Direct (terms related to attacks and vulnerabilities), 3. Control (terms related to implemented security controls), and 4. Indirect (terms that are indirectly related to security and not in the above 3 categories).Terms are extracted from different sources such as the CWE, OWASP, CVE, RFC 4949, and industrial issue tracking databases.

Continuous Deployment and Security

15 August 2016

Continuous Deployment has many advantages and challenges, Laurie Williams an Associate Department Head of Computer Science and a Professor in the Computer Science Department at North Carolina State University (NCSU) visited us at SINTEF talked about some challenges that companies are facing with continuous deployment at a Dataforeningen/SINTEF meeting at DIGS.

People

Tore Dybå

Tore Dybå

Chief Scientist
932 47 504
Name
Tore Dybå
Title
Chief Scientist
Phone
932 47 504
Department
Software Engineering, Safety and Security
Office
Trondheim
Company
SINTEF AS
Martin Gilje Jaatun

Martin Gilje Jaatun

Senior Research Scientist
+47 900 26 921
Name
Martin Gilje Jaatun
Title
Senior Research Scientist
Phone
+47 900 26 921
Department
Software Engineering, Safety and Security
Office
Trondheim
Company
SINTEF AS

The SoS-Agile project is funded by the Research Council of Norway IKTPLUSS program.

The project is run by the Information Security group at the Department of Software Engineering, Safety and Security, SINTEF ICT. Contact us at sos-agile (at) sintef (dot) no

Read More