Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Can security become a routine? A study of organizational change in an agile software development group

: Poller, Andreas; Kocksch, Laura; Türpe, Sven; Epp, Felix; Kinder-Kurlanda, Katharina


Association for Computing Machinery -ACM-:
CSCW 2017, ACM Conference on Computer Supported Cooperative Work and Social Computing. Proceedings : Portland, Oregon, USA, February 25 - March 01, 2017
New York: ACM, 2017
ISBN: 978-1-4503-4335-0
Conference on Computer Supported Cooperative Work and Social Computing (CSCW) <2017, Portland/Or.>
Conference Paper
Fraunhofer SIT ()

Organizational factors influence the success of security initiatives in software development. Security audits and developer training can motivate development teams to adopt security practices, but their interplay with organizational structures and routines remains unclear. We studied how security consultancy affected organizational routines in a software development group. Security consultants tested their product, reported vulnerabilities, and delivered a security training. We followed the group during and after consultancy events. As a result of the consultancy, group members improved their understanding of security issues, but could not effect a change of routines within the given organizational structure. They handled vulnerabilities in a stabilization routine without changes in feature development, where security remained intangible. Interestingly, group members acknowledged an unfulfilled need for change but defended the structure inhibiting change. Security initiatives need to consider this interplay of structure and situated practice, and manage change in addition to providing expertise and tools.