2 A Framework for a Sustainable Software Security Program
MONICA IOVAN1, DANIELA S. CRUZES2, ESPEN A. JOHANSEN3
2 SINTEF Digital, Norway
Email: monica.iovan@visma.com, daniela.s.cruzes@sintef.no, espen.johansen@visma.com http://www.visma.com
Abstract
To remain competitive in the market, software development teams must innovate. Focusing on security can increase the sales of software products because software security is a proven differentiator in competitive industries. In this context, software security requires continuous innovation, which can be seen either as discrete products or as outcomes that turn into new ideas, methods or processes for introducing something new. The goal of such innovations is to create a sustainable security program, one that adopts a long-term perspective to ensure that software development teams continue to use the practices that improve and address the security of their products. This chapter describes the stages of effective and sustainable implementation of a software security program, using one systematic model for purposefully disseminating innovations in software security practices.
Keywords: Security program, ambidextrous, software security, agile development, diffusion of innovations, self-managed teams
2.1 Introduction
In an age of increasingly effective cybercrime and more visible nation-state-driven cyber operations, focusing on software security is crucial because of the major risks regarding reputation ...