To main content

Threat modelling and agile software development: Identified practice in four Norwegian organisations

Threat modelling and agile software development: Identified practice in four Norwegian organisations

Category
Part of a book/report
Abstract
Threat modelling is considered a key activity in secure software engineering. However, despite its documented benefits it has not (yet) been widely adopted by agile software development projects. In this paper we present results from a qualitative study of how it is performed in practice by four different organisations. The findings show that, even though they all consider threat modelling to lead to a more secure product, they all struggle with practical aspects of the established theory.
Language
English
Author(s)
Affiliation
  • SINTEF Digital / Software Engineering, Safety and Security
Year
2019
Publisher
IEEE
Book
Proceedings of the 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), University of Oxford, 3-4 June 2019
ISBN
978-1-7281-0229-0