Published: Jan 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.20170101.pre
Volume 8
Khaled M. Khan
Published: Jan 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017010101
Volume 8
Tosin Daniel Oyetoyan, Martin Gilje Jaatun, Daniela Soares Cruzes
Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. Improving security within agile settings requires that management understand the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that (1) the two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered; (2) regardless of cost or benefit, skill drives the kind of activities that are performed; (3) secure design is expressed as the most important training need by all groups in both organizations; and (4) effective software security adoption in agile settings is not automatic: it requires a driver.
Cite Article
MLA
Oyetoyan, Tosin Daniel, et al. "A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams." IJSSE vol.8, no.1 2017: pp.1-27. http://doi.org/10.4018/IJSSE.2017010101
APA
Oyetoyan, T. D., Jaatun, M. G., & Cruzes, D. S. (2017). A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams. International Journal of Secure Software Engineering (IJSSE), 8(1), 1-27. http://doi.org/10.4018/IJSSE.2017010101
Chicago
Oyetoyan, Tosin Daniel, Martin Gilje Jaatun, and Daniela Soares Cruzes. "A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams," International Journal of Secure Software Engineering (IJSSE) 8, no.1: 1-27. http://doi.org/10.4018/IJSSE.2017010101
Published: Jan 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017010102
Volume 8
Lina M. Jimenez, Martin Ochoa, Sandra J. Rueda
Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance with information flow policies. To do so, the authors addressed some challenges that emerge in Android environments, such as automating the generation of Jif labels for Android applications and defining translations for Java instructions that are not currently supported by the Jif compiler. Results show that a Jif-based analysis is faster and has a better recall than other available mechanisms, but it also has a slightly lower precision. Jif also provides an open source compiler, generates executable code for an application only if that application meets a defined policy, and checks implicit flows, which may be relevant for highly sensitive applications.
Cite Article
MLA
Jimenez, Lina M., et al. "Jif-Based Verification of Information Flow Policies for Android Apps." IJSSE vol.8, no.1 2017: pp.28-42. http://doi.org/10.4018/IJSSE.2017010102
APA
Jimenez, L. M., Ochoa, M., & Rueda, S. J. (2017). Jif-Based Verification of Information Flow Policies for Android Apps. International Journal of Secure Software Engineering (IJSSE), 8(1), 28-42. http://doi.org/10.4018/IJSSE.2017010102
Chicago
Jimenez, Lina M., Martin Ochoa, and Sandra J. Rueda. "Jif-Based Verification of Information Flow Policies for Android Apps," International Journal of Secure Software Engineering (IJSSE) 8, no.1: 28-42. http://doi.org/10.4018/IJSSE.2017010102
Published: Jan 1, 2017
Converted to Gold OA:
DOI: 10.4018/IJSSE.2017010103
Volume 8
Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen
Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods' intended benefits. This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was subject to strict security regulations due to the end product's critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development and provides propositions to enhance Scrum for security engineering activities. An evaluation of the effects of the security work on project cost is also presented.
Cite Article
MLA
Rindell, Kalle, et al. "Case Study of Agile Security Engineering: Building Identity Management for a Government Agency." IJSSE vol.8, no.1 2017: pp.43-57. http://doi.org/10.4018/IJSSE.2017010103
APA
Rindell, K., Hyrynsalmi, S., & Leppänen, V. (2017). Case Study of Agile Security Engineering: Building Identity Management for a Government Agency. International Journal of Secure Software Engineering (IJSSE), 8(1), 43-57. http://doi.org/10.4018/IJSSE.2017010103
Chicago
Rindell, Kalle, Sami Hyrynsalmi, and Ville Leppänen. "Case Study of Agile Security Engineering: Building Identity Management for a Government Agency," International Journal of Secure Software Engineering (IJSSE) 8, no.1: 43-57. http://doi.org/10.4018/IJSSE.2017010103