Care and Feeding of Your Security Champion
Chapter, Peer reviewed
Accepted version
Date
2021
Collections
- Publikasjoner fra CRIStin - SINTEF AS [5911]
- SINTEF Digital [2550]
Original version
2021 international conference on cyber situational awareness, data analytics and assessment: CyberSA 2021: Trustworthy and transparent AI
Abstract
In agile software development, adoption of security practices poses challenges, often because security activities are not prioritized, or because the practitioners are not able to see the relevance and importance of the activities to the improvement of the security in the project. In many teams, security activities can be seen as an innovation and as such, there is a need for a champion to realize these innovations in the teams. Security champions make software security possible. Even though all developers need to know a minimum of software security, every team needs someone to lean on when the ride gets rough – and that person is the security champion. In this paper we present the results of a case study with security champions and possible steps for establishing and maintaining this role in agile teams.