Towards the integration of security practices in the software implementation process of ISO/IEC 29110: A mapping

Mary Luz Sánchez-Gordón, Ricardo Colomo-Palacios, Alex Sánchez, Antonio de Amescua Seco, Xabier Larrucea

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Citations (Scopus)

Abstract

Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because today more than ever software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of work to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help building an awareness of the software security process among practitioners in small companies. Second, to help the integration of these practices with software implementation process of ISO/IEC 29110 which results in an extension of the latter with additional activities identified from the industry best practices. Nevertheless, the extension proposal is to be performed selectively, based on the value of the software as an asset to the stakeholders and on stakeholders needs.

Original languageEnglish
Title of host publicationSystems, Software and Services Process Improvement - 24th European Conference, EuroSPI 2017, Proceedings
EditorsRichard Messnarz, Jakub Stolfa, Svatopluk Stolfa, Rory V. O’Connor
PublisherSpringer Verlag
Pages3-14
Number of pages12
ISBN (Print)9783319642178
DOIs
Publication statusPublished - 2017
Event24th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2017 - Ostrava, Czech Republic
Duration: 6 Sept 20178 Sept 2017

Publication series

NameCommunications in Computer and Information Science
Volume748
ISSN (Print)1865-0929

Conference

Conference24th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2017
Country/TerritoryCzech Republic
CityOstrava
Period6/09/178/09/17

Keywords

  • CSSLP
  • ISO/IEC 29110
  • S-SDLC
  • Small companies
  • Software security
  • VSE

Fingerprint

Dive into the research topics of 'Towards the integration of security practices in the software implementation process of ISO/IEC 29110: A mapping'. Together they form a unique fingerprint.

Cite this