"We intend to eliminate human-factor errors during the development phase of software. Based on literature, this part of agile has received relatively low attention from other researchers in the field," the author said. The major finding of the study is a set of security challenges and benefits in the developer- and customer activities of agile software development. "We identify security challenges, the most frequent security challenges, and agile phases that have a high degree of security challenges. Furthermore, we identify agile security benefits, tasks that improve security benefits, and agile practices that have a high degree of security benefits. For each challenge and benefit, we identify the related agile practices to be considered. Our findings indicate that using the AAOM method secures software by isolating the identified security challenges from developer- and customer activities and by integrating the identified security benefits into those activities," he added.
Our holistic approach reduces the human-factor-based errors during the agile software development. "Our study represents a new perspective for integrating security into agile software development by studying the behaviors and characteristics of developers during software development. This is motivated by the fact that such challenges and benefits in software development are not only a technical issue, but a sociotechnical problem due to the involvement of software developers, customers and agile practices," Hassan Adelyar explained. "Therefore, AAOM is suitable for raising security awareness of developers in order to integrate security requirements into agile software development."
"We conduct an empirical study by using direct data collection methods such as interviews and focus groups for identifying security challenges and benefits. The results of our study enable agile developers to identify the security-related parts and tasks of the software development process and consequently raise the awareness of software developers," the author said. This way, the results of the study provide new insights to researchers for examining the security of developer- and customer activities and for mitigating insider threats during the software development phase. Agile focuses on human interactions and characteristics and recognizes people as the primary drivers for software success. Therefore, investigating the effect of the human factor on software security reduces errors by the developers and customers, consequently improving the security of the developed software. "In light of this, we consider our study as presenting a novel approach to identifying the security-related challenges and benefits of the developer- and customer activities for agile software development," he added.
The public defence of the doctoral thesis "Secure Agile Agent-Oriented Software Development" will take place on July 6th at 15 in room M-632 (Uus-Sadama St 5). The dissertation was supervised by Associate Professor Alexander Horst Norta (Tallinn University of Technology). The reviewers are Prof. Pekka Abrahamsson (University of Jyväskylä) and Prof. Raimundas Matulevicius (University of Tartu). The defence is held in English.
The full thesis can be read at the TU Academic Library e-depository ETERA.