Collaborative security risk estimation in agile software development
Journal article, Peer reviewed
Accepted version
Date
2019Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - SINTEF AS [5867]
- SINTEF Digital [2536]
Original version
10.1108/ICS-12-2018-0138Abstract
Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security risk assessments have not yet gained widespread adoption in agile development, this study aims to assess to what extent the Protection Poker game would be accepted by agile teams and how it can be successfully integrated into the agile practices.