IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Risk Centric Activities in Secure Software Development in Public Organisations

Author(s): Inger Anne Tøndel (Department of Computer Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway & SINTEF Digital, Trondheim, Norway), Martin Gilje Jaatun (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway), Daniela Soares Cruzes (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway) and Nils Brede Moe (SINTEF Digital, Trondheim, Norway)
Copyright: 2017
Volume: 8
Issue: 4
Pages: 30
Source title: International Journal of Secure Software Engineering (IJSSE)
Editor(s)-in-Chief: Martin Gilje Jaatun (SINTEF Digital, Norway)
DOI: 10.4018/IJSSE.2017100101


Abstract

When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article presents the results of a study made among 23 public organisations, mapping their risk-centric activities and practices, and the challenges of implementing them. The authors found that the organisations' software security practices were not based on an assessment of software security risks, but rather driven by compliance. Additionally, their practices could in many cases be characterised as arbitrary, late and error driven, with limited follow-up on any security issues throughout their software development projects. Based on the results of the study, the authors identified the need for improvements in three main areas: responsibilities and stakeholder cooperation; risk perception and competence; and practical ways of doing risk analysis in agile projects.
