TY - GEN
T1 - Towards the integration of security practices in the software implementation process of ISO/IEC 29110
T2 - 24th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2017
AU - Sánchez-Gordón, Mary Luz
AU - Colomo-Palacios, Ricardo
AU - Sánchez, Alex
AU - de Amescua Seco, Antonio
AU - Larrucea, Xabier
N1 - Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because, today more than ever, software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of working to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help build awareness of the software security process among practitioners in small companies. Second, to help integrate these practices with the software implementation process of ISO/IEC 29110, which results in an extension of the latter with additional activities identified from industry best practices. Nevertheless, the extension proposal is to be applied selectively, based on the value of the software as an asset to the stakeholders and on the stakeholders' needs.
AB - Secure software practices are gradually gaining relevance among software practitioners and researchers. This is happening because, today more than ever, software is becoming part of our lives and cybercrimes are constantly appearing. Despite its importance, its current practice in the software industry is still scarce. Indeed, software security problems are divided 50/50 between bugs and flaws. In particular, it remains a significant challenge for software practitioners in small software companies. Therefore, there is a need to support small companies in changing their existing ways of working to integrate these new and unfamiliar practices. The aim of this study is twofold. First, to help build awareness of the software security process among practitioners in small companies. Second, to help integrate these practices with the software implementation process of ISO/IEC 29110, which results in an extension of the latter with additional activities identified from industry best practices. Nevertheless, the extension proposal is to be applied selectively, based on the value of the software as an asset to the stakeholders and on the stakeholders' needs.
KW - CSSLP
KW - ISO/IEC 29110
KW - S-SDLC
KW - Small companies
KW - Software security
KW - VSE
UR - http://www.scopus.com/inward/record.url?scp=85030636144&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-64218-5_1
DO - 10.1007/978-3-319-64218-5_1
M3 - Conference contribution
AN - SCOPUS:85030636144
SN - 9783319642178
T3 - Communications in Computer and Information Science
SP - 3
EP - 14
BT - Systems, Software and Services Process Improvement - 24th European Conference, EuroSPI 2017, Proceedings
A2 - Messnarz, Richard
A2 - Stolfa, Jakub
A2 - Stolfa, Svatopluk
A2 - O’Connor, Rory V.
PB - Springer Verlag
Y2 - 6 September 2017 through 8 September 2017
ER -