Integrating security within agile software development
Information
Authors: Rasmus Andersson, Carl Edström
Expected completion: 2022-06
Supervisor: David Need
Supervisor's company/institution: LM Ericsson AB
Subject reviewer: Anders Arweström Jansson
Other: -
Presentations
Presentation by Rasmus Andersson
Presentation time: 2022-06-02 17:15
Presentation by Carl Edström
Presentation time: 2022-06-02 18:15
Opponents: Christine Arkbo, Albin Åbrink
Abstract
Ericsson's security directives have recently been reworked to apply to modern security requirements. For Ericsson's software development teams, security tools have been implemented into the daily workflow to follow these new directives. Previously, security was mainly considered during the reviews and scheduled assessments of the software projects. The goal of these new tools is to add security to every part of the software development process by adding automatic vulnerability scans of the project's codebase.
However, adding tools to the developers' workflow can create inertia and friction in daily work. Research suggests that, to achieve desirable results from the implemented tools, linked processes and methods should be put in place and integrated into the team's agile methodologies. We intend to examine the developers' relation to and usage of these tools and the methods in which the tools exist.
For data collection, a pre-study and a case study were applied to a team at Ericsson. The data was collected through qualitative surveys conducted on twelve proven factors regarding success in work implementations. The data was then analysed through the Gioia methodology by compiling the collected data into 1st order concepts and linking them to familiar 2nd order themes. These themes were then translated into aggregate dimensions synthesised from the study's theoretical framework.