To main content

SoS-Agile - Science of Security for Agile Software Development

SoS-Agile - Science of Security for Agile Software Development

You are here:

About  - People  - Partners  - Blog  - Publications  - Events

IJSSE

09 July 2018

Special Issue On Secure Software Engineering in DevOps and Agile Development

Life is not a game - or is it?

06 January 2017

Learn to Play Protection Poker like a shark!

An Empirical Study on the Relationship between Software Security Skills, Usage and Training needs in Agile Settings

06 September 2016

Protecting organizations assets from malicious attackers is critical in today’s highly threatened environment. The threats landscape is continuously changing. Unfortunately, many organizations still lack an overview regarding what there developers and the rest of the stakeholders are doing to protect their assets. The agile paradigm adds a layer of complexity to software security. Critics have argued that security engineering process does not fit the agile process because it is very heavy. Proposed approaches to integrate security activities into agile have also been criticised to look similar to the traditional versions in terms of workload. As a result, ‘agile’ organizations have approached software security in a way that fits their process and practices. Statistics show that more than 70% of reported vulnerabilities are in the application layer and not the network. Thus, regardless of whether agile is incompatible with secure software development, the major discussion we should have is how to improve security within the agile context. To improve software security practices to  “adequate” level for an organization requires that we know what we are doing well and understand what the gap areas are.

What are the factors influencing testing of non-functional requirements in agile teams?

01 September 2016

Non-functional requirements define the overall qualities or attributes of a system. Although important, they are often neglected for many reasons, such as pressure of time and budget...

People

Daniela Soares Cruzes

Daniela Soares Cruzes

Senior Research Scientist
+47 942 49 891
Name
Daniela Soares Cruzes
Title
Senior Research Scientist
Phone
+47 942 49 891
Department
Software Engineering, Safety and Security
Office
Trondheim
Company
SINTEF AS
Tore Dybå

Tore Dybå

Chief Scientist
932 47 504
Name
Tore Dybå
Title
Chief Scientist
Phone
932 47 504
Department
Software Engineering, Safety and Security
Office
Trondheim
Company
SINTEF AS
Martin Gilje Jaatun

Martin Gilje Jaatun

Acting Research Manager
+47 900 26 921
Name
Martin Gilje Jaatun
Title
Acting Research Manager
Phone
+47 900 26 921
Department
Software Engineering, Safety and Security
Office
Trondheim
Company
SINTEF AS

The SoS-Agile project is funded by the Research Council of Norway IKTPLUSS program.

The project is run by the Information Security group at the Department of Software Engineering, Safety and Security, SINTEF ICT. Contact us at sos-agile (at) sintef (dot) no

Read More