28,023 research outputs found

    Misalignment challenges when integrating security requirements into mobile banking application development

    This study identifies and explores the core challenge faced when integrating security requirements into the mobile application software development life cycle. Studies on key issues in Information Systems (IS) have been on-going in the past decades, with security moving up the ranks of top issues in IS. Security requirements can be added into mobile application development processes by practising secure coding or by adding a third party security tool. This study gathered data from a single case study and employs grounded theory methodology to reveal misalignment as the core challenge to integrating security requirements into mobile banking application development. Identified forms of misalignment include that between security requirements and (1) external entities, (2) roles, (3) skills and (4) system requirements. Some of the findings indicate the need for further research. Research indicates that mobile application development follows agile methods for development. Agile methods have been compared with Complex Adaptive Systems (CAS). For this reason, research in IS could benefit from studies that focus on CAS as a theory to provide a better explanation on the misalignment issues in mobile application development. From the current study, the research also identified the need to address misalignment issues before embarking on a project involving the integration of security requirements

    Misalignment - the core challenge in integrating security and privacy requirements into mobile banking application development

    This study identifies and explores the core challenge faced when integrating security and privacy requirements into the mobile banking software development life cycle. Studies on key issues in Information Systems (IS) have been on-going for several decades, with security and privacy moving up the ranks of top issues in IS. Security and privacy requirements can be added into the mobile application development processes by practising secure coding, and/or, by adding a third party security tool. This study gathered data from a single case study; it employs grounded theory methodology to reveal misalignment as the core challenge to integrating security and privacy requirements into mobile banking application development. The forms of misalignment are between security and privacy requirements and (1) external entities, (2) roles, (3) skills and (4) system requirements. The nature of the mobile application domain results in the misalignment forms identified above. Some of the findings indicate the need for further research. Research indicates that mobile application development follows agile methods for development. Agile methods have been compared with Complex Adaptive Systems (CAS). For this reason, research in IS could benefit from studies that focus on CAS as a theory to provide a better explanation on the misalignment issues in mobile application development

    A software development methodology for solo software developers: leveraging the product quality of independent developers

    Software security for agile methods, particularly for those designed for individual developers, is still a major concern. With most software products deployed over the Internet, security as a key component of software quality has become a major problem. In addressing this problem, this research proposes a solo software development methodology (SSDM) that uses as minimum resources as possible, at the same time conforming to the best practice for delivering secure and high-quality software products. Agile methods have excelled on delivering timely and quality software. At the same time research also shows that most agile methods do not address the problem of security in the developed software. A metasynthesis of SSDMs conducted in this thesis confirmed the lack of practices that promote security in the developed software product. On the other hand, some researchers have demonstrated the feasibility of incorporating existing lightweight security practices into agile methods. This research uses Design Science Research (DSR) to build, demonstrate and evaluate a lightweight SSDM. Using an algorithm adapted for the purpose, the research systematically integrates lightweight security and quality practices to produce an agile secure-solo software development methodology (Secure-SSDM). A multiple-case study in an academic and industry setting is conducted to demonstrate and evaluate the utility of the methodology. This demonstration and evaluation thereof, indicates the applicability of the methodology in building high-quality and secure software products. Theoretical evaluation of the agility of the Secure-SSDM using the four-dimensional analytical tool (4-DAT) shows satisfactory compliance of the methodology with agile principles.
The main contributions in this thesis are: the Secure-SSDM, which entails description of the concepts, modelling languages, stages, tasks, tools and techniques; generation of a quality theory on practices that promote quality in a solo software development environment; adaptation of Keramati and Mirian-Hosseinabadi’s algorithm for the purposes of integrating quality and security practices. This research would be of value to researchers as it introduces the security component of software quality into a solo software development environment, probing more research in the area. To software developers the research has provided a lightweight methodology that builds quality and security into the product using minimum resources. School of Computing. D. Phil. (Computer Science

    Towards secure software development at Neste - a case study

    The software development industry has been revolutionized through adoption of software development methods such as DevOps. While adopting DevOps can speed up development through collaborative culture between development and operations teams, speed-driven adoption can have an adverse impact on security aspects. DevSecOps is a concept that focuses on embedding security culture and activities into DevOps. Another contributing factor to the more agile development landscape is the widespread adoption of open source components. However, the risk of putting too much trust into the open source ecosystem has resulted in a whole new set of security issues that have not yet been adequately addressed by the industry. This thesis is commissioned by Neste Corporation. The company has set an initiative to incorporate methods that enable better transparency, agility, and security into their software development projects. This thesis collects research data on secure software development practices by combining findings of a literature review with a case study. The qualitative case study is done by interviewing eight stakeholders from four different software development teams. The literature review shows that securing software is very much an ongoing effort, especially in the open source ecosystem. Therefore, it might not be surprising that the results from the case study revealed multiple shortcomings on the subject matter despite obvious efforts from the participating teams. As a result, this thesis presents potential ideas for the case company to consider integrating into their software development projects in order to kickstart their secure software development journey

    SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

    Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud. Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit

    International conference on software engineering and knowledge engineering: Session chair

    The Thirtieth International Conference on Software Engineering and Knowledge Engineering (SEKE 2018) will be held at the Hotel Pullman, San Francisco Bay, USA, from July 1 to July 3, 2018. SEKE 2018 will also be dedicated in memory of Professor Lotfi Zadeh, a great scholar, pioneer and leader in fuzzy sets theory and soft computing. The conference aims at bringing together experts in software engineering and knowledge engineering to discuss relevant results in either software engineering or knowledge engineering or both. Special emphasis will be put on the transference of methods between both domains. The theme this year is soft computing in software engineering & knowledge engineering. Submissions of papers and demos are both welcome

    Rethinking Security Incident Response: The Integration of Agile Principles

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture. Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi