A Systematic Mapping Study on Security in Agile Requirements Engineering. Villamizar, H., Kalinowski, M., Viana, M., & Fernández, D. M. In 44th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2018, Prague, Czech Republic, Aug 29-31, pages 454–461, 2018. ![A Systematic Mapping Study on Security in Agile Requirements Engineering [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Author version doi abstract bibtex 21 downloads [Background] The rapidly changing business environments in which many companies operate is challenging traditional Requirements Engineering (RE) approaches. This gave rise to agile approaches for RE. Security, at the same time, is an essential non-functional requirement that still tends to be difficult to address in agile development contexts. Given the fuzzy notion of “agile” in context of RE and the difficulties of appropriately handling security requirements, the overall understanding of how to handle security requirements in agile RE is still vague. [Objective] Our goal is to characterize the publication landscape of approaches that handle security requirements in agile software projects. [Method] We conducted a systematic mapping to outline relevant work and contemporary gaps for future research. [Results] In total, we identified 21 studies that met our inclusion criteria, dated from 2005 to 2017. We found that the approaches typically involve modifying agile methods, introducing new artifacts (e.g., extending the concept of user story to abuser story), or introducing guidelines to handle security issues. We also identified limitations of using these approaches related to environment, people, effort and resources. [Conclusion] Our analysis suggests that more effort needs to be invested into empirically evaluating the existing approaches and that there is an avenue for future research in the direction of mitigating the identified limitations.
@inproceedings{VillamizarKVM18,
author = {Hugo Villamizar and Marcos Kalinowski and Marx Viana and Daniel M{\'{e}}ndez Fern{\'{a}}ndez},
title = {A Systematic Mapping Study on Security in Agile Requirements Engineering},
abstract = {[Background] The rapidly changing business environments in which many companies operate is challenging traditional Requirements Engineering (RE) approaches. This gave rise to agile approaches for RE. Security, at the same time, is an essential non-functional requirement that still tends to be difficult to address in agile development contexts. Given the fuzzy notion of “agile” in context of RE and the difficulties of appropriately handling security requirements, the overall understanding of how to handle security requirements in agile RE is still vague. [Objective] Our goal is to characterize the publication landscape of approaches that handle security requirements in agile software projects. [Method] We conducted a systematic mapping to outline relevant work and contemporary gaps for future research. [Results] In total, we identified 21 studies that met our inclusion criteria, dated from 2005 to 2017. We found that the approaches typically involve modifying agile methods, introducing new artifacts (e.g., extending the concept of user story to abuser story), or introducing guidelines to handle security issues. We also identified limitations of using these approaches related to environment, people, effort and resources. [Conclusion] Our analysis suggests that more effort needs to be invested into empirically evaluating the existing approaches and that there is an avenue for future research in the direction of mitigating the identified limitations.},
booktitle = {44th Euromicro Conference on Software Engineering and Advanced Applications, {SEAA} 2018, Prague, Czech Republic, Aug 29-31},
pages = {454--461},
year = {2018},
urlAuthor_version = {http://www.inf.puc-rio.br/~kalinowski/publications/VillamizarKVM18.pdf},
doi = {10.1109/SEAA.2018.00080},
}
Downloads: 21
{"_id":"B8JFwdE38MnW4Y2Kg","bibbaseid":"villamizar-kalinowski-viana-fernndez-asystematicmappingstudyonsecurityinagilerequirementsengineering-2018","downloads":21,"creationDate":"2018-05-17T21:38:48.559Z","title":"A Systematic Mapping Study on Security in Agile Requirements Engineering","author_short":["Villamizar, H.","Kalinowski, M.","Viana, M.","Fernández, D. M."],"year":2018,"bibtype":"inproceedings","biburl":"https://bibbase.org/f/2Gq6bNPQ845THHiMW/KalinowskiPapers.bib","bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"firstnames":["Hugo"],"propositions":[],"lastnames":["Villamizar"],"suffixes":[]},{"firstnames":["Marcos"],"propositions":[],"lastnames":["Kalinowski"],"suffixes":[]},{"firstnames":["Marx"],"propositions":[],"lastnames":["Viana"],"suffixes":[]},{"firstnames":["Daniel","Méndez"],"propositions":[],"lastnames":["Fernández"],"suffixes":[]}],"title":"A Systematic Mapping Study on Security in Agile Requirements Engineering","abstract":"[Background] The rapidly changing business environments in which many companies operate is challenging traditional Requirements Engineering (RE) approaches. This gave rise to agile approaches for RE. Security, at the same time, is an essential non-functional requirement that still tends to be difficult to address in agile development contexts. Given the fuzzy notion of “agile” in context of RE and the difficulties of appropriately handling security requirements, the overall understanding of how to handle security requirements in agile RE is still vague. [Objective] Our goal is to characterize the publication landscape of approaches that handle security requirements in agile software projects. [Method] We conducted a systematic mapping to outline relevant work and contemporary gaps for future research. [Results] In total, we identified 21 studies that met our inclusion criteria, dated from 2005 to 2017. We found that the approaches typically involve modifying agile methods, introducing new artifacts (e.g., extending the concept of user story to abuser story), or introducing guidelines to handle security issues. We also identified limitations of using these approaches related to environment, people, effort and resources. [Conclusion] Our analysis suggests that more effort needs to be invested into empirically evaluating the existing approaches and that there is an avenue for future research in the direction of mitigating the identified limitations.","booktitle":"44th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2018, Prague, Czech Republic, Aug 29-31","pages":"454–461","year":"2018","urlauthor_version":"http://www.inf.puc-rio.br/~kalinowski/publications/VillamizarKVM18.pdf","doi":"10.1109/SEAA.2018.00080","bibtex":"@inproceedings{VillamizarKVM18,\r\n author = {Hugo Villamizar and Marcos Kalinowski and Marx Viana and Daniel M{\\'{e}}ndez Fern{\\'{a}}ndez},\r\n title = {A Systematic Mapping Study on Security in Agile Requirements Engineering},\r\n abstract = {[Background] The rapidly changing business environments in which many companies operate is challenging traditional Requirements Engineering (RE) approaches. This gave rise to agile approaches for RE. Security, at the same time, is an essential non-functional requirement that still tends to be difficult to address in agile development contexts. Given the fuzzy notion of “agile” in context of RE and the difficulties of appropriately handling security requirements, the overall understanding of how to handle security requirements in agile RE is still vague. [Objective] Our goal is to characterize the publication landscape of approaches that handle security requirements in agile software projects. [Method] We conducted a systematic mapping to outline relevant work and contemporary gaps for future research. [Results] In total, we identified 21 studies that met our inclusion criteria, dated from 2005 to 2017. We found that the approaches typically involve modifying agile methods, introducing new artifacts (e.g., extending the concept of user story to abuser story), or introducing guidelines to handle security issues. We also identified limitations of using these approaches related to environment, people, effort and resources. [Conclusion] Our analysis suggests that more effort needs to be invested into empirically evaluating the existing approaches and that there is an avenue for future research in the direction of mitigating the identified limitations.},\r\n booktitle = {44th Euromicro Conference on Software Engineering and Advanced Applications, {SEAA} 2018, Prague, Czech Republic, Aug 29-31},\r\n pages = {454--461},\r\n year = {2018},\r\n urlAuthor_version = {http://www.inf.puc-rio.br/~kalinowski/publications/VillamizarKVM18.pdf},\r\n doi = {10.1109/SEAA.2018.00080},\r\n}\r\n\r\n","author_short":["Villamizar, H.","Kalinowski, M.","Viana, M.","Fernández, D. M."],"key":"VillamizarKVM18","id":"VillamizarKVM18","bibbaseid":"villamizar-kalinowski-viana-fernndez-asystematicmappingstudyonsecurityinagilerequirementsengineering-2018","role":"author","urls":{"Author version":"http://www.inf.puc-rio.br/~kalinowski/publications/VillamizarKVM18.pdf"},"metadata":{"authorlinks":{"kalinowski, m":"https://www-di.inf.puc-rio.br/~kalinowski/publications.html"}},"downloads":21,"html":""},"search_terms":["systematic","mapping","study","security","agile","requirements","engineering","villamizar","kalinowski","viana","fernández"],"keywords":[],"authorIDs":["2QsG9mfJnwX6MTuoJ"],"dataSources":["JhEx5LqjNuowkDTYw","vp6ff9ZJkhXGDuh9E","fNxekpJ4iGWMdJryo","9pcmykSJGPpiYGmJj","FPdHx2YNMWt6KHbaS","oL8GbjE74fizfjkxY","Wbj3iHa4hGsGjEGJE","q7rgFjFgwoTSGkm3G","aKfxcyv7C9p9ytdpG","9pAzChfPy53GguqQk","B8Jierr7smZsGa7Jb","tvqztEQv84agmtPEB","ZCce9uhx7vt9PXPrc","FGDKYBjH9upApdKoL"]}