    • A Perception of the Practice of Software Security and Performance Verification

      Ribeiro, Victor Vidigal; Cruzes, Daniela Soares; Travassos, Guilherme Horta (Journal article; Peer reviewed, 2018)
      Security and performance are critical nonfunctional requirements for software systems. Thus, it is crucial to include verification activities during software development to identify defects related to such requirements, ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Behov knyttet til informasjonssikkerhet i forvaltningen - Prioritering av forventninger og behov knyttet til Difis nyopprettede kompetansemiljø for informasjonssikkerhet 

      Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares (SINTEF Rapport; Research report, 2014)
      This report presents recommendations for prioritized activities for Difi's newly established competence centre for information security. The recommendations are based on the results from four focus groups, as well as a ...
    • Case studies synthesis: a thematic, cross-case, and narrative synthesis worked example 

      Cruzes, Daniela Soares; Dybå, Tore; Runeson, Per; Höst, Martin (Journal article; Peer reviewed, 2014)
      Case studies are largely used for investigating software engineering practices. They are characterized by their flexible nature, multiple forms of data collection, and are mostly informed by qualitative data. Synthesis of ...
    • Challenges and approaches of performing canonical action research in software security: research paper 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Oyetoyan, Tosin Daniel (Chapter, 2018)
      When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problem-solving actions implemented ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ...
    • Coopetition of software firms in open source software ecosystems 

      Nguyen Duc, Anh; Cruzes, Daniela Soares; Hanssen, Geir Kjetil; Snarby, Terje; Abrahamsson, Pekka Kalevi (Journal article; Peer reviewed, 2017)
      Software firms participate in an ecosystem as a part of their innovation strategy to extend value creation beyond the firm’s boundary. Participation in an open and independent environment also implies the competition among ...
    • Cybersecurity awareness for children: A systematic literature review 

      Quayyum, Farzana; Cruzes, Daniela Soares; Jaccheri, Maria Letizia (Peer reviewed; Journal article, 2021)
      Cybersecurity for children has received much attention and has become a rapidly growing topic due to the increased availability of the internet to children and their consequent exposure to various online risks. This paper ...
    • DevOps for Better Software Security in the Cloud 

      Jaatun, Martin Gilje; Cruzes, Daniela Soares; Luna, Jesus (Chapter, 2017)
      The DevOps paradigm means that development and operations for an organisation blend together. For security, this implies that information on detected attacks can be fed back to the development, enabling faster eradication ...
    • Do Software Firms Collaborate or Compete? A Model of Coopetition in Community-initiated OSS Projects 

      Nguyen Duc, Anh; Cruzes, Daniela Soares; Snarby, Terje; Abrahamsson, Pekka (Journal article; Peer reviewed, 2019)
      Background: An increasing number of commercial firms are participating in Open Source Software (OSS) projects to reduce their development cost and increase technical innovativeness. When collaborating with other firms whose ...
    • How is security testing done in agile teams? A cross-case analysis of four software teams 

      Cruzes, Daniela Soares; Felderer, Michael; Oyetoyan, Tosin Daniel; Gander, Matthias; Pekaric, Irdin (Journal article; Peer reviewed, 2017)
      Security testing can broadly be described as (1) the testing of security requirements that concern confidentiality, integrity, availability, authentication, authorization, nonrepudiation and (2) the testing of the software ...
    • Modenhetskartlegging av programvaresikkerhet i offentlige virksomheter 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Cruzes, Daniela Soares (Research report, 2015)
      Difi wants a survey of maturity related to information security in the development and procurement of ICT solutions in the public sector. This report describes the results of a questionnaire survey related to ...
    • Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital 

      Oyetoyan, Tosin Daniel; Milosheska, Bisera; Grini, Mari; Cruzes, Daniela Soares (Chapter, 2018)
      It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers’ time. These contrast with the agile vision. ...
    • Onboarding software developers and teams in three globally distributed legacy projects: A multi-case study 

      Britto, Ricardo; Cruzes, Daniela Soares; Šmite, Darja; Sablis, Aivars (Journal article; Peer reviewed, 2017)
      Onboarding is the process of supporting new employees regarding their social and performance adjustment to their new job. Software companies have faced challenges with recruitment and onboarding of new team members, and ...
    • System requirements-OSS components: matching and mismatch resolution practices – an empirical study 

      Ayala, Claudia; Nguyen Duc, Anh; Franch, Xavier; Höst, Martin; Conradi, Reidar; Cruzes, Daniela Soares; Ali Babar, Muhammad (Journal article; Peer reviewed, 2018)
      Developing systems by integrating Open Source Software (OSS) is increasingly gaining importance in the software industry. Although the literature claims that this approach highly impacts Requirements Engineering (RE) ...
    • Testing in a DevOps Era: Perceptions of Testers in Norwegian Organisations. 

      Cruzes, Daniela Soares; Melsnes, Kristin; Marczak, Sabrina (Lecture Notes in Computer Science (LNCS); Chapter; Peer reviewed, 2019)
      To better understand the challenges encountered by testers in DevOps development, we have performed an empirical investigation of what are the trends and challenges for the testers in the DevOps environment. We have discussed ...
    • Threats to Validity in Empirical Software Security Research 

      Cruzes, Daniela Soares; ben Othmane, Lotfi (Chapter, 2017)
    • Understanding challenges to adoption of the Microsoft Elevation of Privilege game 

      Tøndel, Inger Anne; Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform ...