Security Under Pressure: How Agile Teams Experience and Manage Security Requirements
摘要
Context and motivation. Agile development promotes flexibility and rapid delivery but often challenges the systematic treatment of non-functional requirements such as security. Ensuring security within fast-paced, iterative processes remains a persistent concern in both research and practice. Question/problem. This paper investigates how practitioners in agile settings experience and handle security requirements, which practices support their integration, and how responsibility for security is distributed across roles. Principal ideas/results. We report on a qualitative study with sixteen professionals across twelve Danish companies. Using reflexive thematic analysis, we found that security is widely acknowledged yet handled implicitly and often reactively. Teams rely on lightweight assurance practices such as testing, shared guidelines, and peer review, while prioritization typically increases only after incidents. Contribution. The study provides an empirically grounded view of how securit unfolds in everyday agile development, complementing prior work that focuses on frameworks, governance, or large-scale settings. It identifies routine practices that help make security more visible, actionable, and collectively owned within agile teams.