Browsing by Subject "Secure SDLC"

Type the first few letters and click on the Browse button
Now showing 1 - 1 of 1
  • Thumbnail Image
    Publication
    Practices and challenges of threat modelling in agile environments
    (2023) Theurich, Paul; Witt, Josepha; Richter, Sebastian
    Facing the increasing annual cybersecurity costs, threat modelling (TM) is a method to consider security as early as possible in the software development life cycle (SDLC). Thereby, TM helps to identify and address security-related design flaws in information systems. As the original TM approach is based on sequential development, it is not aligned with today’s predominantly agile environments. This results in several challenges. However, TM’s implementation in an agile development approach lacks the recommendations on how to tackle these challenges. Therefore, we assess the state-of-the-art of TM challenges and practices in agile environments by conducting a literature review covering 220 papers. Thereby, we identify nine categories of challenges and six categories of practices. We propose a valuable artefact for practitioners by mapping challenges and practices to the agile SDLC and by creating a matrix highlighting how the practices address the challenges of TM in an agile environment.