Context and motivation. Agile development promotes flexibility and rapid delivery but often challenges the systematic treatment of non-functional requirements such as security. Ensuring security within fast-paced, iterative processes remains a persistent concern in both research and practice. Question/problem. This paper investigates how practitioners in agile settings experience and handle security requirements, which practices support their integration, and how responsibility for security is distributed across roles. Principal ideas/results. We report on a qualitative study with sixteen professionals across twelve Danish companies. Using reflexive thematic analysis, we found that security is widely acknowledged yet handled implicitly and often reactively. Teams rely on lightweight assurance practices such as testing, shared guidelines, and peer review, while prioritization typically increases only after incidents. Contribution. The study provides an empirically grounded view of how securit unfolds in everyday agile development, complementing prior work that focuses on frameworks, governance, or large-scale settings. It identifies routine practices that help make security more visible, actionable, and collectively owned within agile teams.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security Under Pressure: How Agile Teams Experience and Manage Security Requirements

  • Dahlia Vingtoft Andreasen,
  • Oksana Kulyk,
  • Elda Paja

摘要

Context and motivation. Agile development promotes flexibility and rapid delivery but often challenges the systematic treatment of non-functional requirements such as security. Ensuring security within fast-paced, iterative processes remains a persistent concern in both research and practice. Question/problem. This paper investigates how practitioners in agile settings experience and handle security requirements, which practices support their integration, and how responsibility for security is distributed across roles. Principal ideas/results. We report on a qualitative study with sixteen professionals across twelve Danish companies. Using reflexive thematic analysis, we found that security is widely acknowledged yet handled implicitly and often reactively. Teams rely on lightweight assurance practices such as testing, shared guidelines, and peer review, while prioritization typically increases only after incidents. Contribution. The study provides an empirically grounded view of how securit unfolds in everyday agile development, complementing prior work that focuses on frameworks, governance, or large-scale settings. It identifies routine practices that help make security more visible, actionable, and collectively owned within agile teams.