{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T08:22:05Z","timestamp":1777278125457,"version":"3.51.4"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030587925","type":"print"},{"value":"9783030587932","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58793-2_28","type":"book-chapter","created":{"date-parts":[[2020,8,30]],"date-time":"2020-08-30T23:04:02Z","timestamp":1598828642000},"page":"343-357","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Secure Agile Software Development: Policies and Practices for Agile Teams"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0794-2688","authenticated-orcid":false,"given":"Carlos Magnum M.","family":"Bezerra","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6890-2914","authenticated-orcid":false,"given":"Suzana C. B.","family":"Sampaio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9575-8161","authenticated-orcid":false,"given":"Marcelo L. M.","family":"Marinho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,31]]},"reference":[{"key":"28_CR1","unstructured":"13th annual state of agile development survey. https:\/\/explore.versionone.com\/state-of-agile\/13th-annual-state-of-agile-report. Accessed 01 Dec 2019"},{"key":"28_CR2","doi-asserted-by":"crossref","unstructured":"Adelyar, S.H., Norta, A.: Towards a secure agile software development process. In: 10th International Conference on the Quality of Information and Communications Technology (QUATIC), pp. 101\u2013106. IEEE (2016)","DOI":"10.1109\/QUATIC.2016.028"},{"key":"28_CR3","unstructured":"Agile Alliance (2019). https:\/\/www.agilealliance.org\/. Accessed 28 Nov 2019"},{"key":"28_CR4","doi-asserted-by":"crossref","unstructured":"Azham, Z., Ghani, I., Ithnin, N.: Security backlog in scrum security practices. In: Malaysian Conference in Software Engineering, pp. 414\u2013417. IEEE (2011)","DOI":"10.1109\/MySEC.2011.6140708"},{"key":"28_CR5","doi-asserted-by":"crossref","unstructured":"Baca, D., Carlsson, B.: Agile development with security engineering activities. In: International Conference on Software and Systems Process, pp. 149\u2013158. ACM (2011)","DOI":"10.1145\/1987875.1987900"},{"key":"28_CR6","doi-asserted-by":"crossref","unstructured":"Bansal, S.K., Jolly, A.: An encyclopedic approach for realization of security activities with agile methodologies. In: 5th International Conference - Confluence The Next Generation Information Technology Summit (Confluence), pp. 767\u2013772. IEEE (2014)","DOI":"10.1109\/CONFLUENCE.2014.6949242"},{"key":"28_CR7","doi-asserted-by":"crossref","unstructured":"Barbosa, D.A., Sampaio, S.: Guide to the support for the enhancement of security measures in agile projects. In: 2015 6th Brazilian Workshop on Agile Methods (WBMA), pp. 25\u201331. IEEE (2015)","DOI":"10.1109\/WBMA.2015.9"},{"key":"28_CR8","doi-asserted-by":"crossref","unstructured":"Bartsch, S.: Practitioners\u2019 perspectives on security in agile development. In: 6th International Conference on Availability, Reliability and Security, pp. 479\u2013484. IEEE (2011)","DOI":"10.1109\/ARES.2011.82"},{"key":"28_CR9","volume-title":"Extreme Programming Explained: Embrace Change","author":"K Beck","year":"2000","unstructured":"Beck, K.: Extreme Programming Explained: Embrace Change. Addison-Wesley Professional, Boston (2000)"},{"key":"28_CR10","doi-asserted-by":"crossref","unstructured":"Bernhart, M., Mauczka, A., Grechenig, T.: Adopting code reviews for agile software development. In: Agile Conference, pp. 44\u201347. IEEE (2010)","DOI":"10.1109\/AGILE.2010.18"},{"key":"28_CR11","doi-asserted-by":"crossref","unstructured":"Beznosov, K., Kruchten, P.: Towards agile security assurance. In: Workshop on New Security paradigms, pp. 47\u201354. ACM (2004)","DOI":"10.1145\/1065907.1066034"},{"key":"28_CR12","doi-asserted-by":"crossref","unstructured":"Bodden, E.: State of the systems security. In: 40th International Conference on Software Engineering: Companion Proceedings, pp. 550\u2013551. ACM (2018)","DOI":"10.1145\/3183440.3183462"},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"Bostr\u00f6m, G., W\u00e4yrynen, J., Bod\u00e9n, M., Beznosov, K., Kruchten, P.: Extending XP practices to support security requirements engineering. In: International Workshop on Software Engineering for Secure Systems, pp. 11\u201318. ACM (2006)","DOI":"10.1145\/1137627.1137631"},{"issue":"10","key":"28_CR14","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1109\/MC.2014.284","volume":"47","author":"JP Bowen","year":"2014","unstructured":"Bowen, J.P., Hinchey, M., Janicke, H., Ward, M., Zedan, H.: Formality, agility, security, and evolution in software development. Computer 47(10), 86\u201389 (2014)","journal-title":"Computer"},{"key":"28_CR15","doi-asserted-by":"crossref","unstructured":"Ch\u00f3liz, J., Vilas, J., Moreira, J.: Independent security testing on agile software development: a case study in a software company. In: 10th International Conference on Availability, Reliability and Security, pp. 522\u2013531. IEEE (2015)","DOI":"10.1109\/ARES.2015.79"},{"key":"28_CR16","doi-asserted-by":"crossref","unstructured":"Choudhary, B., Rakesh, S.K.: An approach using agile method for software development. In: International Conference on Innovation and Challenges in Cyber Security (ICICCS-INBUSH), pp. 155\u2013158. IEEE (2016)","DOI":"10.1109\/ICICCS.2016.7542304"},{"key":"28_CR17","unstructured":"Common Criteria (2019). https:\/\/www.commoncriteriaportal.org\/. Accessed 19 Nov 2019"},{"key":"28_CR18","unstructured":"Comprehensive Lightweight Application Security Process (CLASP) (2019). https:\/\/www.owasp.org\/index.php\/CLASP_Concepts. Accessed 19 Nov 2019"},{"key":"28_CR19","doi-asserted-by":"crossref","unstructured":"Essafi, M., Labed, L., Ghezala, H.B.: Towards a comprehensive view of secure software engineering. In: The International Conference on Emerging Security Information, Systems, and Technologies, pp. 181\u2013186. IEEE (2007)","DOI":"10.1109\/SECUREWARE.2007.4385331"},{"key":"28_CR20","doi-asserted-by":"crossref","unstructured":"Franqueira, V.N., Bakalova, Z., Tun, T.T., Daneva, M.: Towards agile security risk management in re and beyond. In: Workshop on Empirical Requirements Engineering (EmpiRE 2011), pp. 33\u201336. IEEE (2011)","DOI":"10.1109\/EmpiRE.2011.6046253"},{"key":"28_CR21","unstructured":"General Data Protection Regulation (GDPR) (2018). https:\/\/gdpr-info.eu\/. Accessed 23 Nov 2019"},{"issue":"8","key":"28_CR22","first-page":"3032","volume":"10","author":"SL Kanniah","year":"2016","unstructured":"Kanniah, S.L., Mahrin, M.N.: A review on factors influencing implementation of secure software development practices. Int. J. Comput. Syst. Eng. 10(8), 3032\u20133039 (2016)","journal-title":"Int. J. Comput. Syst. Eng."},{"key":"28_CR23","doi-asserted-by":"crossref","unstructured":"Keramati, H., Mirian-Hosseinabadi, S.H.: Integrating software development security activities with agile methodologies. In: International Conference on Computer Systems and Applications, pp. 749\u2013754. IEEE\/ACS (2008)","DOI":"10.1109\/AICCSA.2008.4493611"},{"key":"28_CR24","unstructured":"Kitchenham, B., Charters, S.: Guidelines for performing systematic literature reviews in software engineering. Technical report, EBSE Technical Report EBSE-2007-01 (2007)"},{"key":"28_CR25","unstructured":"Kothari, C.R.: Research Methodology: Methods and Techniques. New Age International (2004)"},{"key":"28_CR26","unstructured":"Lei geral de prote\u00e7\u00e3o a dados (LGPD) (2019). http:\/\/www.planal-to.gov.br\/ccivil_03\/_ato2015-2018\/2018\/lei\/L13709.htm. Accessed 23 Nov 2019"},{"key":"28_CR27","unstructured":"Microsoft Secure Development Lifecycle (2019). https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/practices. Accessed 19 Nov 2019"},{"key":"28_CR28","doi-asserted-by":"crossref","unstructured":"Munetoh, S., Yoshioka, N.: RAILROADMAP: an agile security testing framework for web-application development. In: 6th International Conference on Software Testing, Verification and Validation, pp. 491\u2013492. IEEE (2013)","DOI":"10.1109\/ICST.2013.80"},{"issue":"3","key":"28_CR29","doi-asserted-by":"publisher","first-page":"71","DOI":"10.4018\/jsse.2010070105","volume":"1","author":"T Nicolaysen","year":"2010","unstructured":"Nicolaysen, T., Sasson, R., Line, M.B., Jaatun, M.G.: Agile software development: the straight and narrow path to secure software? Int. J. Secure Softw. Eng. (IJSSE) 1(3), 71\u201385 (2010)","journal-title":"Int. J. Secure Softw. Eng. (IJSSE)"},{"key":"28_CR30","doi-asserted-by":"crossref","unstructured":"Oueslati, H., Rahman, M.M., ben Othmane, L.: Literature review of the challenges of developing secure software using the agile approach. In: 10th International Conference on Availability, Reliability and Security, pp. 540\u2013547. IEEE (2015)","DOI":"10.1109\/ARES.2015.69"},{"key":"28_CR31","unstructured":"Open Web Application Security Project OWASP (2019). https:\/\/www.owasp.org\/index.php\/Main_Page. Accessed 23 Nov 2019"},{"key":"28_CR32","doi-asserted-by":"crossref","unstructured":"Oyetoyan, T.D., Cruzes, D.S., Jaatun, M.G.: An empirical study on the relationship between software security skills, usage and training needs in agile settings. In: 11th International Conference on Availability, Reliability and Security, pp. 548\u2013555. IEEE (2016)","DOI":"10.1109\/ARES.2016.103"},{"key":"28_CR33","unstructured":"Project zero (2019). https:\/\/googleprojectzero.blogspot.com\/. Accessed 23 Nov 2019"},{"key":"28_CR34","unstructured":"Singhal, A.: Integration analysis of security activities from the perspective of agility. In: Agile India, pp. 40\u201347. IEEE (2012)"},{"key":"28_CR35","unstructured":"Siponen, M., Baskerville, R., Kuivalainen, T.: Integrating security into agile development methods. In: 38th Annual Hawaii International Conference on System Sciences, pp. 185a\u2013185a. IEEE (2005)"},{"key":"28_CR36","doi-asserted-by":"crossref","unstructured":"Sodanil, M., Quirchmayr, G., Porrawatpreyakorn, N., Tjoa, A.M.: A knowledge transfer framework for secure coding practices. In: 12th International Joint Conference on Computer Science and Software Engineering (JCSSE), pp. 120\u2013125. IEEE (2015)","DOI":"10.1109\/JCSSE.2015.7219782"},{"key":"28_CR37","doi-asserted-by":"crossref","unstructured":"Stoica, M., Mircea, M., Ghilic-Micu, B.: Software development: agile vs. traditional. Informatica Economica 17(4) (2013)","DOI":"10.12948\/issn14531305\/17.4.2013.06"},{"key":"28_CR38","unstructured":"Sutherland, J., Schwaber, K.: The definitive guide to scrum: the rules of the game. Scrum.org 268 (2013)"},{"key":"28_CR39","doi-asserted-by":"crossref","unstructured":"Terpstra, E., Daneva, M., Wang, C.: Agile practitioners\u2019 understanding of security requirements: insights from a grounded theory analysis. In: 25th International Requirements Engineering Conference Workshops (REW), pp. 439\u2013442. IEEE (2017)","DOI":"10.1109\/REW.2017.54"},{"key":"28_CR40","doi-asserted-by":"crossref","unstructured":"Villamizar, H., Kalinowski, M., Viana, M., Fern\u00e1ndez, D.: A systematic mapping study on security in agile requirements engineering. In: 44th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pp. 454\u2013461. IEEE (2018)","DOI":"10.1109\/SEAA.2018.00080"},{"key":"28_CR41","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1016\/j.cose.2013.04.004","volume":"38","author":"R Von Solms","year":"2013","unstructured":"Von Solms, R., Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97\u2013102 (2013)","journal-title":"Comput. Secur."},{"key":"28_CR42","unstructured":"Vulnerability Scanning Tools (2001). https:\/\/www.owasp.org\/index.php\/Category:Vulnerability_Scanning_Tools. Accessed 23 Nov 2019"},{"key":"28_CR43","doi-asserted-by":"crossref","unstructured":"Wang, W., Gupta, A., Niu, N.: Mining security requirements from common vulnerabilities and exposures for agile projects. In: 1st International Workshop on Quality Requirements in Agile Projects (QuaRAP), pp. 6\u20139. IEEE (2018)","DOI":"10.1109\/QuaRAP.2018.00007"},{"issue":"3","key":"28_CR44","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2010.58","volume":"8","author":"L Williams","year":"2010","unstructured":"Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security game. IEEE Secur. Priv. 8(3), 14\u201320 (2010)","journal-title":"IEEE Secur. Priv."}],"container-title":["Communications in Computer and Information Science","Quality of Information and Communications Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58793-2_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,12]],"date-time":"2024-08-12T21:13:16Z","timestamp":1723497196000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58793-2_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030587925","9783030587932"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58793-2_28","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"31 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"QUATIC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Quality of Information and Communications Technology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Faro","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"quatic2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2020.quatic.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"81","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}