Browsing SINTEF Open by Author "Cruzes, Daniela Soares"
Now showing items 1-20 of 27
-
A Perception of the Practice of Software Security and Performance Verification
Ribeiro, Victor Vidigal; Cruzes, Daniela Soares; Travassos, Guilherme Horta (Journal article; Peer reviewed, 2018)Security and performance are critical nonfunctional requirements for software systems. Thus, it is crucial to include verification activities during software development to identify defects related to such requirements, ... -
Accountability Requirements for the Cloud
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduces additional accountability ... -
Accountability Requirements in the Cloud Provider Chain
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ... -
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ... -
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ... -
Behov knyttet til informasjonssikkerhet i forvaltningen - Prioritering av forventninger og behov knyttet til Difis nyopprettede kompetansemiljø for informasjonssikkerhet
Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares (SINTEF Rapport;, Research report, 2014)Denne rapporten kommer med anbefalinger til prioriterte aktiviteter for Difis nyopprettede kompetansesenter for informasjonssikkerhet. Anbefalingene er gjort på bakgrunn av resultatene fra fire fokusgrupper, samt en ... -
Care and Feeding of Your Security Champion
Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter; Peer reviewed, 2021)In agile software development, adoption of security practices poses challenges, often because security activities are not prioritized, or because the practitioners are not able to see the relevance and importance of the ... -
Case studies synthesis: a thematic, cross-case, and narrative synthesis worked example
Cruzes, Daniela Soares; Dybå, Tore; Runeson, Per; Höst, Martin (Journal article; Peer reviewed, 2014)Case studies are largely used for investigating software engineering practices. They are characterized by their flexible nature, multiple forms of data collection, and are mostly informed by qualitative data. Synthesis of ... -
Challenges and approaches of performing canonical action research in software security: research paper
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Oyetoyan, Tosin Daniel (Chapter, 2018)When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problemsolving actions implemented ... -
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ... -
Collaborative security risk estimation in agile software development
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ... -
Coopetition of software firms in open source software ecosystems
Nguyen Duc, Anh; Cruzes, Daniela Soares; Hanssen, Geir Kjetil; Snarby, Terje; Abrahamsson, Pekka Kalevi (Journal article; Peer reviewed, 2017)Software firms participate in an ecosystem as a part of their innovation strategy to extend value creation beyond the firm’s boundary. Participation in an open and independent environment also implies the competition among ... -
Cybersecurity awareness for children: A systematic literature review
Quayyum, Farzana; Cruzes, Daniela Soares; Jaccheri, Maria Letizia (Peer reviewed; Journal article, 2021)Cybersecurity for children has received much attention and has become a rapidly growing topic due to the increased availability of the internet to children and their consequent exposure to various online risks. This paper ... -
DevOps for Better Software Security in the Cloud
Jaatun, Martin Gilje; Cruzes, Daniela Soares; Luna, Jesus (Chapter, 2017)The DevOps paradigm means that development and operations for an organisation blend together. For security, this implies that information on detected attacks can be fed back to the development, enabling faster eradication ... -
Do Software Firms Collaborate or Compete? A Model of Coopetition in Community-initiated OSS Projects
Nguyen Duc, Anh; Cruzes, Daniela Soares; Snarby, Terje; Abrahamsson, Pekka (Journal article; Peer reviewed, 2019)Background: An increasing number of commercial firms are participating in Open Source Software (OSS) projects to reduce their development cost and increase technical innovativeness. When collaborating with other firms whose ... -
How is security testing done in agile teams? A cross-case analysis of four software teams
Cruzes, Daniela Soares; Felderer, Michael; Oyetoyan, Tosin Daniel; Gander, Matthias; Pekaric, Irdin (Journal article; Peer reviewed, 2017)Security testing can broadly be described as (1) the testing of security requirements that concerns confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software ... -
Influencing the security prioritisation of an agile software development project
Tøndel, Inger Anne; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Sindre, Guttorm (Peer reviewed; Journal article, 2022)Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and ... -
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams
Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Peer reviewed; Journal article, 2017)Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the ... -
Modenhetskartlegging av programvaresikkerhet i offentlige virksomheter
Jaatun, Martin Gilje; Tøndel, Inger Anne; Cruzes, Daniela Soares (Research report, 2015)Difi ønsker å få en kartlegging av modenhet knyttet til informasjonssikkerhet i utvikling og anskaffelser av IKT-løsninger i offentlig sektor. Denne rapporten beskriver resultatene fra en spørreundersøkelse knyttet til i ... -
Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital
Oyetoyan, Tosin Daniel; Milosheska, Bisera; Grini, Mari; Cruzes, Daniela Soares (Chapter, 2018)It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers’ time. These contrast with the agile vision. ...