Abstract | ||
---|---|---|
Software development teams apply security practices to prevent vulnerabilities in the software they ship. However, vulnerabilities can be difficult to find, and security practices take time and effort. Stakeholders can better guide software development if they have empirical data on how security practices are applied by development teams. The goal of this paper is to inform managers and developers on the use of security practices through a case study of an industrial software team so that managers and developers can base their security practice adoption decisions on empirical evidence. We present a case study of security practice use in a typical software development project at IBM. We collected empirical data from three perspectives: qualitative observations, a survey of the team members, and text mining of the team's development history. The team's top three practices were "Track Vulnerabilities", "Apply Secure Coding Standards" and "Apply Security Tooling". Our results indicate that the IBM team applied all investigated security practices and had good security outcomes, that tools and automation in the development and testing processes are applied and valued, that most practices required regular effort from the team and support from the organization, and that the team recognizes opportunities for improvement. We provide a list of lessons learned. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1109/CESI.2017.4 | CESI@ICSE |

Keywords | Field | DocType |
---|---|---|
Security, Quality, Measurement Frameworks, Software Development Lifecycle, Survey | Scrum, Personal software process, Systems engineering, Information security standards, Software security assurance, Information security, Engineering, Security information and event management, Secure coding, Team software process, Management science | Conference |

ISSN | ISBN | Citations |
---|---|---|
2575-4785 | 978-1-5386-1547-8 | 0 |

PageRank | References | Authors |
---|---|---|
0.34 | 4 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Patrick Morrison | 1 | 57 | 5.94 |
Benjamin H. Smith | 2 | 0 | 0.34 |
Laurie Williams | 3 | 4033 | 473.64 |