Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital
| dc.contributor.author | Oyetoyan, Tosin Daniel | |
| dc.contributor.author | Milosheska, Bisera | |
| dc.contributor.author | Grini, Mari | |
| dc.contributor.author | Cruzes, Daniela Soares | |
| dc.date.accessioned | 2018-06-11T12:12:36Z | |
| dc.date.available | 2018-06-11T12:12:36Z | |
| dc.date.created | 2018-06-07T10:58:46Z | |
| dc.date.issued | 2018 | |
| dc.identifier.citation | Agile Processes in Software Engineering and Extreme Programming, 19th International Conference, XP 2018, Proceedings, 86-103 | nb_NO |
| dc.identifier.isbn | 978-3-319-91601-9 | |
| dc.identifier.uri | http://hdl.handle.net/11250/2501153 | |
| dc.description.abstract | It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers’ time. These contrast with the agile vision. Regardless of these challenges, it is important for organizations to address security within their agile processes since critical assets must be protected against attacks. One way is to integrate tools that could help to identify security weaknesses during implementation and suggest methods to refactor them. We used quantitative and qualitative approaches to investigate the efficiency of the tools and what they mean to the actual users (i.e. developers) at Telenor Digital. Our findings, although not surprising, show that several barriers exist both in terms of tool’s performance and developers’ perceptions. We suggest practical ways for improvement. | nb_NO |
| dc.language.iso | eng | nb_NO |
| dc.relation.ispartof | Agile Processes in Software Engineering and Extreme Programming, 19th International Conference, XP 2018, Proceedings | |
| dc.rights | Navngivelse 4.0 Internasjonal | * |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/deed.no | * |
| dc.title | Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital | nb_NO |
| dc.type | Chapter | nb_NO |
| dc.description.version | publishedVersion | nb_NO |
| dc.source.pagenumber | 86-103 | nb_NO |
| dc.identifier.cristin | 1589634 | |
| dc.relation.project | Norges forskningsråd: 247678 | nb_NO |
| cristin.unitcode | 7401,90,13,0 | |
| cristin.unitname | Systemutvikling og sikkerhet | |
| cristin.ispublished | true | |
| cristin.fulltext | original | |
| cristin.qualitycode | 1 |
Tilhørende fil(er)
Denne innførselen finnes i følgende samling(er)
-
Publikasjoner fra CRIStin - SINTEF AS [5649]
-
SINTEF Digital [2383]
Med mindre annet er angitt, så er denne innførselen lisensiert som Navngivelse 4.0 Internasjonal