Designing software for use by multiple clients has
become commonplace in the software sector and has led to many
vendors focusing on developing software for a specific sector,
marketing the product then modifying it to a customer’s
requirements. To fit the software to the client’s needs involves a
unique form of teamwork, and it is usually an offshore team that
processes the requests and implements the changes to the initial
infrastructure. Unfortunately, this contravenes organizations’
information security requirements, due to their multiple
structures and infrastructures and their need for privacy as well as
swift processing of requests at reasonable cost. This study
proposes a hybrid model, the Onshore Agile Security
Requirements Development (OASRD) model, which uses Agile to
meet the security implications arising from the onshore team
working at the client’s site while it processes the customization
requirements. It investigates the impact of the model on
productivity, measured by the number of security and
customization requirements that are processed and the estimated
cost in terms of human resources. The evaluation reveals a
statistically significant increase in productivity of about 40%,
accompanied by a reduction in cost of more than 48% over the
entire customization process, demonstrating the advantages of
customizing packaged software through distributed development.