For any software development company attempting to generate a competitive product, an appropriate software development methodology is consequently essential. The process of producing software is made more controllable and efficient by employing a software development method, which entails using the appropriate practices, tools, and methodologies. When creating software, software development businesses adhere to a particular methodology, whether it is a widely recognized cookie-cutter software development methodology or a unique internal methodology that is only loosely defined by themselves. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. ![]() Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. ![]() Activities, artifacts, and roles were then cross-evaluated with similarity matrices. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS).
0 Comments
Leave a Reply. |