AGILE AND SECURE SOFTWARE DEVELOPMENT: AN UNFINISHED STORY

Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software development agility. We propose a novel taxonomy to systematize the body of knowledge around secure agile development and then organize and summarize the selected research using the new taxonomy. At a high-level we create two categories, Phase Focused and Phase Independent. The Phase Focused category is then subdivided along the traditional SDLC phases. The Phase Independent category spans all phases of the SDLC or is phase independent. We conclude that, although there is a significant body of literature on the topic, the story is unfinished. There is further investigation needed to ensure agility as secure development practices are adopted and in regard to empirical evaluations of the proposed agile and secure software development integration approaches

Digital Transformation in the Public Sector: IT Alignment as a Moderator

The widespread adoption of new digital technologies to revamp how organisations run their operations and processes—referred to as digital transformation—has resulted in improved organisational performance, primarily due to improved efficiency and effectiveness. In the public sector, digital transformation facilitates the participation of various stakeholders in public decision making. However, despite the anticipated benefits, the introduction of new technologies requires making adjustments to their business processes, organisational structures as well as to human resources. These changes, in turn, have implications on how leaders manage the alignment between new digital technologies as well as the overall organisational factors that are critical to successful digital transformation. This study, adopting a mixed-research approach with interviews and surveys as a data collection method, explores the relationship IT alignment has with organisational agility and information security. Besides examining the relationships, the study reveals the degree of significance of the various factors critical to digital transformation

A Pattern-Based Approach to Scaffold the IT Infrastructure Design Process

Context. The design of Information Technology (IT) infrastructures is a challenging task since it implies proficiency in several areas that are rarely mastered by a single person, thus raising communication problems among those in charge of conceiving, deploying, operating and maintaining/managing them. Most IT infrastructure designs are based on proprietary models, known as blueprints or product-oriented architectures, defined by vendors to facilitate the configuration of a particular solution, based upon their services and products portfolio. Existing blueprints can be facilitators in the design of solutions for a particular vendor or technology. However, since organizations may have infrastructure components from multiple vendors, the use of blueprints aligned with commercial product(s) may cause integration problems among these components and can lead to vendor lock-in. Additionally, these blueprints have a short lifecycle, due to their association with product version(s) or a specific technology, which hampers their usage as a tool for the reuse of IT infrastructure knowledge. Objectives. The objectives of this dissertation are (i) to mitigate the inability to reuse knowledge in terms of best practices in the design of IT infrastructures and, (ii) to simplify the usage of this knowledge, making the IT infrastructure designs simpler, quicker and better documented, while facilitating the integration of components from different vendors and minimizing the communication problems between teams. Method. We conducted an online survey and performed a systematic literature review to support the state of the art and to provide evidence that this research was relevant and had not been conducted before. A model-driven approach was also used for the formalization and empirical validation of well-formedness rules to enhance the overall process of designing IT infrastructures. To simplify and support the design process, a modeling tool, including its abstract and concrete syntaxes was also extended to include the main contributions of this dissertation. Results. We obtained 123 responses to the online survey. Their majority were from people with more than 15 years experience with IT infrastructures. The respondents confirmed our claims regarding the lack of formality and documentation problems on knowledge transfer and only 19% considered that their current practices to represent IT Infrastructures are efficient. A language for modeling IT Infrastructures including an abstract and concrete syntax is proposed to address the problem of informality in their design. A catalog of IT Infrastructure patterns is also proposed to allow expressing best practices in their design. The modeling tool was also evaluated and according to 84% of the respondents, this approach decreases the effort associated with IT infrastructure design and 89% considered that the use of a repository with infrastructure patterns, will help to improve the overall quality of IT infrastructures representations. A controlled experiment was also performed to assess the effectiveness of both the proposed language and the pattern-based IT infrastructure design process supported by the tool. Conclusion. With this work, we contribute to improve the current state of the art in the design of IT infrastructures replacing the ad-hoc methods with more formal ones to address the problems of ambiguity, traceability and documentation, among others, that characterize most of IT infrastructure representations. Categories and Subject Descriptors:C.0 [Computer Systems Organization]: System architecture; D.2.10 [Software Engineering]: Design-Methodologies; D.2.11 [Software Engineering]: Software Architectures-Patterns

Its time to act:understanding and assessing agility in information systems development

This paper focuses on addressing the question of how agile are agile methods. To do this I synthesize seven general features of agility, drawing on management and sociology disciplines, into a framework, to act as a ‘gold standard’ by which to compare agile methods. I found that agile methods did not entirely measure up to this framework and that they were lacking in terms of (i) survival, (ii) prospering or thriving on change, and (iii) being able to regulate and leverage emotions in action responses to change. This paper offers: (i) a framework for assessing agility in software development, (ii) the elucidation of a knowledge gap in agile methods with respect to emotion, and, (iii) a conceptualization that reveals the need to incorporate emotional regulation and leverage into assessments of agility

Management of software development projects in Brazil using agile methods

The aim of the paper is to analyze how agile management practices are being adopted by specialists from software development technology companies in Brazil, identifying actions that contribute to the success of software implementation, aiming to ensure the survival of organizations in the market. The study counted with a literature review to support the field research with software development specialists who use the agile methodology and work in Brazil in the states of Rio de Janeiro and São Paulo. The results were analyzed through a descriptive statistics and content analysis. The research identified that the companies that adopt agile software management methodology in Brazil prefer the Scrum method and the development teams may be geographically distributed. The main positive points identified when adopting agile methods were the process speed, team involvement, maximization of results, involvement with the client, and simplicity. Most experts identified problems in the implementation of the agile methodology and as points of attention: management of distributed teams, scope estimation and communication. It was possible to identify the existence of a positive financial result by adopting the agile method for software development projects, as well as actions that contribute to the success of these projects, such as controlling quality using different testing techniques, project management, time, stakeholders, scope, and have agile communication, with feedback and good leadership. On the other hand, it was observed in the statistics that, although efficient, this method is still not being widely used. This research can contribute to the managers of software development companies in the use of agile methods as well as improving management decision-making

Requirements Engineering that Balances Agility of Teams and System-level Information Needs at Scale

Context: Motivated by their success in software development, large-scale systems development companies are increasingly adopting agile methods and their practices. Such companies need to accommodate different development cycles of hardware and software and are usually subject to regulation and safety concerns. Also, for such companies, requirements engineering is an essential activity that involves upfront and detailed analysis which can be at odds with agile development methods. Objective: The overall aim of this thesis is to investigate the challenges and solution candidates of performing effective requirements engineering in an agile environment, based on empirical evidence. Illustrated with studies on safety and system-level information needs, we explore RE challenges and solutions in large-scale agile development, both in general and from the teams’ perspectives. Method: To meet our aim, we performed a secondary study and a series of empirical studies based on case studies. We collected qualitative data using interviews, focus groups and workshops to derive challenges and potential solutions from industry. Findings: Our findings show that there are numerous challenges of conducting requirements engineering in agile development especially where systems development is concerned. The challenges discovered sprout from an integration problem of working with agile methods while relying on established plan-driven processes for the overall system. We highlight the communication challenge of crossing the boundary of agile methods and system-level (or plan-driven) development, which also proves the coexistence of both methods. Conclusions: Our results highlight the painful areas of requirements engineering in agile development and propose solutions that can be explored further. This thesis contributes to future research, by establishing a holistic map of challenges and candidate solutions that can be further developed to make RE more efficient within agile environments

IT-Enabled Service Innovation—A Field Study of Agile Approaches to Value Co-Creation

Service organizations need to respond rapidly to both changes in the market and customer expectations. One way of accomplishing this is through service innovation enacted to achieve competitive advantage. This study applies a service-dominant logic (SDL) lens to describe how a service organization may achieve service innovation through value co-creation that is facilitated by agile distributed methods. Literature on value co-creation is somewhat limited; although a few studies have provided guidance on what is needed to achieve value co-creation, no study has yet presented how this might be achieved. Therefore, using a single-site case study in the context of a large service organization, this study examines how value is co-created and the role that agile distributed methods play in this process. This research seeks to contribute to practice by providing service organizations with recommendations for achieving value co-creation. It contributes to theory by advancing our understanding of value co-creation processes; moreover, by using the context of an SDL, it presents a framework that maps elements of service innovation to agile distributed practices

A Case Study Of Determinants Of An Effective Cloud Computing Strategy

The cloud continues to be an area of information systems that is being adopted cautiously by business firms. The authors of this study analyze factors that can determine the effectiveness of a cloud strategy as firms invest in this computing method. The authors examine cloud computing strategy from a detailed case study and statistical interpretation of a sample of projects of firms and organizations. The findings impute that technical factors are driving cloud computing projects more than procedural factors and that projects in the study exhibit less discipline in methodology than might otherwise be helpful in enabling an initial cloud computing strategy. This study contributes a framework for a prudent cloud computing strategy that can help firms as they further invest in this method of technology

Guiding the selection of service-oriented software engineering methodologies

Service-oriented computing is a paradigm for effectively delivering software services in a dynamic environment. Accordingly, many service-oriented software engineering (SOSE) methodologies have been proposed and practiced in both academia and industry. Some of these methodologies share common features (e. g. cover similar life-cycle phases) but are presented for different purposes, ranging from project management to system modernization, and from business analysis to technical solutions development. Given this diversity in the methodologies available in the literature, it is very hard for a company to decide which methodology would fit best for its specific needs. With this aim, we took a feature analysis approach and devised a framework for comparing the existing SOA methodologies. Different from existing comparison frameworks, ours specifically highlights aspects that are specific to SOA and aims to differentiate the methodologies that are truly service-oriented from those that deal little with service aspects. As such, the criteria defined in the framework can be used as a checklist for selecting a SOSE methodology. © 2011 The Author(s)