A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams

2017, Vol 8 (1), pp. 1-27
Author(s): Tosin Daniel Oyetoyan, Martin Gilje Jaatun, Daniela Soares Cruzes

Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. Improving security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that (1) the two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered; (2) regardless of cost or benefit, skill drives the kind of activities that are performed; (3) secure design is expressed as the most important training need by all groups in both organizations; and (4) effective software security adoption in agile settings is not automatic; it requires a driver.

2022, pp. 2026-2048
Author(s): Tosin Daniel Oyetoyan, Martin Gilje Jaatun, Daniela Soares Cruzes

Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures that sit gathering dust on a shelf. In this chapter, the authors present a survey instrument that can be used to investigate software security usage, competence, and training needs in agile organizations. They present results of using this instrument in two organizations. They find that regardless of cost or benefit, skill drives the kind of activities that are performed, and secure design may be the most important training need.


Author(s): Ronald Jabangwe, Kati Kuusinen, Klaus R Riisom, Martin S Hubel, Hasan M Alradhi, ...

There has been a surge in the number of software security threats and vulnerabilities in recent times. At the same time, expectations towards software and data security are growing. Thus, there is a need to ensure that security-related tasks are effectively integrated in the software development processes. However, integrating security practices with agile software development is not trivial due to, for instance, differences in process dynamics and the concentration on functional vs non-functional requirements. In this article, the authors present a literature review on the challenges and solutions when adopting security in an agile software development context. Their findings suggest that there are ongoing efforts to integrate security-practices in agile methods, but more research is needed to make the processes more optimized and simpler for developers. A rigor and relevance assessment on primary studies highlights a need for improving the manner in which studies on the topic are performed as well as reported.


2019, Vol 27 (4), pp. 508-535
Author(s): Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Soares Cruzes, Laurie Williams

Purpose: Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security risk assessments have not yet gained widespread adoption in agile development, this study aims to assess to what extent the Protection Poker game would be accepted by agile teams and how it can be successfully integrated into the agile practices.

Design/methodology/approach: Protection Poker was studied in capstone projects, in teams doing a graduate software security course and in sessions with industry representatives. Data were collected via questionnaires, observations and group interviews.

Findings: Results show that Protection Poker has the potential to be adopted by agile teams. Key benefits include good discussions on security and the development project, along with increased knowledge and awareness. Challenges include ensuring efficient use of time and gaining impact on the end product.

Research limitations/implications: Using students allowed easy access to subjects and an ability to collect rich data over time, but at the cost of generalizability to professional settings. Results from interactions with professionals supplement the data from students, showing similarities and differences in their opinions on Protection Poker.

Originality/value: The paper proposes ways to tackle the main obstacles to the adoption of the Protection Poker technique, as identified in this study.


Author(s): Mohammad Bashir Ahmed, Md Abdul Mannan

The main purpose of the study was to identify the training needs of the teachers of Khulna University. Data were collected from 54 randomly selected teachers out of 280 through a mailed questionnaire (both hard and email copy) during June to July 2010. To identify the level of knowledge and training needs of the respondents, 20 items/issues under 5 broad areas (viz. teaching methodology, research methodology, computer skill, office management & administration and extension & outreach) were selected. To determine the level of knowledge, a 5-point rating scale (little knowledge, some knowledge, substantial knowledge, high knowledge and very high knowledge) was used, and scores of 1, 2, 3, 4 and 5 were assigned against the scale points respectively. To determine the training need, a 5-point rating scale (little need, some need, substantial need, urgent need and very urgent need) was employed, and scores of 1, 2, 3, 4 and 5 were assigned against the scale points respectively. To identify the issues and areas of knowledge and training, a knowledge index and a training need index were calculated respectively. The respondents had the highest level of knowledge in teaching methodology, while it was least in the case of extension and outreach among the five selected broad categories. The respondents expressed very urgent training needs in extension and outreach and the least training needs in teaching methodology. The respondent teachers also identified the top five issues on which they want to take training: conflict management (under extension and outreach), budget preparation (office management and administration), acquaintance with field problem (extension and outreach), research design and project preparation (research methodology), and data analysis and management (computer skill). Among age, professional experience, educational qualification, training experience and level of knowledge, only level of knowledge showed a negative significant relationship with the training need of the respondents.

South Asian J. Agric., 7(1&2): 44-50


2020, Vol 24 (4), pp. 62-71
Author(s): Angela I. Emodi, Chinyelu I. Nwokolo, Joy A. Obiorah

This study ascertained the training needs of melon farmers in Imo State, Nigeria. A multi-stage sampling procedure was used to select 100 melon farmers from 10 town communities in the selected rural households. Data were collected through a structured questionnaire and analysed using percentage and mean scores. Results from the study showed that the farmers' training needs in melon production, among others, were: sourcing of credit facilities (x̄ = 3.65), appropriate market information (x̄ = 3.58) and sourcing and training on fertilizer application (x̄ = 3.50). The main channel of communication among farmers was sales agents (hawkers) and marketers of melon products (x̄ = 3.06). The major constraints to melon production were inadequate funds (x̄ = 3.24), poor sales/pricing system (x̄ = 3.15) and low shelf life of processed melon products (x̄ = 3.11). Extension outfits should disseminate information and educate farmers on credit facilities, appropriate market and training on new techniques of how to cultivate melon in and out of season.

Keywords: Households, agricultural extension, melon production


2018, Vol 49 (3), pp. 205-219
Author(s): Robert L. Glueckauf, Marlene M. Maheu, Kenneth P. Drude, Brittny A. Wells, Yuxia Wang, ...

Author(s): Richard A. Dienstbier, Lisa M. Pytlik Zillig

This chapter presents an overview of the concept of toughness, which at the abstract level is about the harmony of physiological systems, and more concretely is about how the body influences the mind. Toughness theory begins with the recognition that there is a “training effect” for neuroendocrine systems. Following a review of the characteristics of interventions and training programs that can promote toughness, the authors present a model in which the effects of toughness are mediated by neuroendocrine systems such as the pituitary-adrenal-cortical system and the central nervous system. The elements of toughness (e.g., having a greater capacity for arousal and energy when needed) are proposed to promote positive outcomes by facilitating the use of adaptive coping strategies and improving emotional stability. Toughness therefore appears to be a promising concept within positive psychology in that it helps to explain how the dynamic interactions between psychological and somatic processes can promote positive outcomes.

