Article
2023
Practices and challenges of threat modelling in agile environments
Abstract (English)
Facing the increasing annual cybersecurity costs, threat modelling (TM) is a method to consider security as early as possible in the software development life cycle (SDLC). Thereby, TM helps to identify and address security-related design flaws in information systems. As the original TM approach is based on sequential development, it is not aligned with today’s predominantly agile environments. This results in several challenges. However, TM’s implementation in an agile development approach lacks the recommendations on how to tackle these challenges. Therefore, we assess the state-of-the-art of TM challenges and practices in agile environments by conducting a literature review covering 220 papers. Thereby, we identify nine categories of challenges and six categories of practices. We propose a valuable artefact for practitioners by mapping challenges and practices to the agile SDLC and by creating a matrix highlighting how the practices address the challenges of TM in an agile environment.
Published in
Informatik-Spektrum, 46 (2023), 4, 220-229.
https://doi.org/10.1007/s00287-023-01549-5.
ISSN: 1432-122X
Cite this publication
Theurich, P., Witt, J., & Richter, S. (2023). Practices and challenges of threat modelling in agile environments. Informatik-Spektrum, 46(4). https://doi.org/10.1007/s00287-023-01549-5
Language
English
Classification (DDC)
000 Computer science, information and general works
Collections
Original object
University bibliography
BibTeX
@article{Theurich2023,
doi = {10.1007/s00287-023-01549-5},
author = {Theurich, Paul and Witt, Josepha and Richter, Sebastian and others},
title = {Practices and challenges of threat modelling in agile environments},
journal = {Informatik Spektrum},
year = {2023},
volume = {46},
number = {4},
pages = {220--229},
}
