Security Practices in Agile Software Development


We are researchers at Virginia Tech exploring ways to improve the behavior, productivity, and decision-making of software engineers. This study seeks to learn about security practices adopted by developers using agile development methodologies. Software security is an important quality of systems and is useful for protecting software against malicious attacks and other risks. However, research suggests developers often fail to adopt security processes in practice, leading to vulnerable software. As software engineering moves from sequential processes to iterative software development (i.e. agile), security practices should be more easily incorporated into the development process. However, with agile emphasizing more person-to-person communication rather than heavy documentation, the incorporation of traditional security activities into agile processes can be difficult. We plan to collect data from software professionals on their experiences working with various security practices to investigate processes and challenges they may face when incorporating security into agile software development, with the goal of providing methods to increase the security and robustness of software systems without negatively impacting developer productivity. Please find additional details and a link to the survey below:

Purpose: Eligibility: Procedures: Human Research Review:

More information about this research is available upon request. If you have additional questions or concerns about the research, please contact the primary investigator Dr. Chris Brown (dcbrown@vt.edu).

To participate in this study, please access the survey at the following link: https://virginiatech.questionpro.com/t/AVVuDZsTeq