
Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

Abstract

It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers’ time. These contrast with the agile vision. Regardless of these challenges, it is important for organizations to address security within their agile processes since critical assets must be protected against attacks. One way is to integrate tools that could help to identify security weaknesses during implementation and suggest methods to refactor them. We used quantitative and qualitative approaches to investigate the efficiency of the tools and what they mean to the actual users (i.e. developers) at Telenor Digital. Our findings, although not surprising, show that several barriers exist both in terms of tool’s performance and developers’ perceptions. We suggest practical ways for improvement.

Category

Academic chapter/article/conference paper

Client

  • Research Council of Norway (RCN) / 247678

Language

English

Author(s)

  • Tosin Daniel Oyetoyan
  • Bisera Milosheska
  • Mari Grini
  • Daniela Soares Cruzes

Institution(s)

  • SINTEF Digital / Software Engineering, Safety and Security
  • Telenor

Year

2018

Publisher

Springer

Book

Agile Processes in Software Engineering and Extreme Programming, 19th International Conference, XP 2018, Proceedings

Issue no.

314

ISBN

978-3-319-91601-9

Page(s)

86 - 103

View this publication at Cristin