Can security become a routine? A study of Organizational change in an agile software development group

Andreas Poller, Laura Kocksch, Sven Türpe, Felix Anand Epp, Katharina Kinder-Kurlanda

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussaConference article in proceedingsScientificvertaisarvioitu

63 Sitaatiot (Scopus)

Abstrakti

Organizational factors influence the success of security initiatives in software development. Security audits and developer training can motivate development teams to adopt security practices, but their interplay with organizational structures and routines remains unclear. We studied how security consultancy affected organizational routines in a software development group. Security consultants tested their product, reported vulnerabilities, and delivered a security training. We followed the group during and after consultancy events. As a result of the consultancy, group members improved their understanding of security issues, but could not effect a change of routines within the given organizational structure. They handled vulnerabilities in a stabilization routine without changes in feature development, where security remained intangible. Interestingly, group members acknowledged an unfulfilled need for change but defended the structure inhibiting change. Security initiatives need to consider this interplay of structure and situated practice, and manage change in addition to providing expertise and tools.

AlkuperäiskieliEnglanti
OtsikkoCSCW 2017 - Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing
KustantajaACM
Sivut2489-2503
Sivumäärä15
ISBN (elektroninen)9781450343350
DOI - pysyväislinkit
TilaJulkaistu - 25 helmik. 2017
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaACM Conference on Computer-Supported Cooperative Work and Social Computing - Portland, Yhdysvallat
Kesto: 25 helmik. 20171 maalisk. 2017

Conference

ConferenceACM Conference on Computer-Supported Cooperative Work and Social Computing
LyhennettäCSCW
Maa/AlueYhdysvallat
KaupunkiPortland
Ajanjakso25/02/201701/03/2017

Sormenjälki

Sukella tutkimusaiheisiin 'Can security become a routine? A study of Organizational change in an agile software development group'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä