| dc.contributor.author | Tøndel, Inger Anne | |
| dc.contributor.author | Jaatun, Martin Gilje | |
| dc.contributor.author | Cruzes, Daniela Soares | |
| dc.contributor.author | Oyetoyan, Tosin Daniel | |
| dc.date.accessioned | 2020-05-06T07:44:40Z | |
| dc.date.available | 2020-05-06T07:44:40Z | |
| dc.date.created | 2019-02-04T12:32:03Z | |
| dc.date.issued | 2019 | |
| dc.identifier.isbn | 978-3-030-12786-2 | |
| dc.identifier.issn | 0302-9743 | |
| dc.identifier.uri | https://hdl.handle.net/11250/2653417 | |
| dc.description | The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-030-12786-2_10 | en_US |
| dc.description.abstract | Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on challenges facing adoption of the Protection Poker game; a collaborative and lightweight software security risk estimation technique that is particularly suited for agile teams. Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits identified include good discussions on security and the development project, increased knowledge and awareness of security, and contributions to security requirements. Challenges include managing discussions and the time it takes to play, ensuring confidence in the results from playing the game, and integrating results in a way that improves security of the end-product. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Springer | en_US |
| dc.relation.ispartof | Computer Security ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, Revised Selected Papers | |
| dc.relation.ispartofseries | Lecture Notes in Computer Science (LNCS); | |
| dc.subject | Agile projects | en_US |
| dc.subject | Security requirements | en_US |
| dc.subject | Protection Poker | en_US |
| dc.subject | Risk estimation | en_US |
| dc.title | Understanding Challenges to Adoption of the Protection Poker Software Security Game | en_US |
| dc.type | Chapter | en_US |
| dc.type | Peer reviewed | en_US |
| dc.description.version | acceptedVersion | en_US |
| dc.source.pagenumber | 153-172 | en_US |
| dc.source.volume | 11387 | en_US |
| dc.source.journal | Lecture Notes in Computer Science (LNCS) | en_US |
| dc.identifier.cristin | 1673017 | |
| dc.relation.project | Norges forskningsråd: 247678 | en_US |
| cristin.unitcode | 7401,90,13,0 | |
| cristin.unitname | Software Engineering, Safety and Security | |
| cristin.ispublished | true | |
| cristin.fulltext | postprint | |
| cristin.qualitycode | 1 | |
