Relationship Status: “It’s complicated” Developer-Security Expert Dynamics in Scrum
Security
This program is tentative and subject to change.
The high number of cyber threats poses significant challenges, with impactful software exploits ranging from data theft to ransomware deployment. Unfortunately, past research highlighted limited security expertise within development teams. Collaboration between developers and security experts, therefore, emerges as one of the few workable means to address this gap. In this paper, we explore the complex interplay between developers and security experts within Scrum, one of the most widely adopted frameworks which actively promotes collaboration, to shed light on their working relationship, challenges, and potential avenues for improvement. To this end, we conducted a qualitative interview study with 14 developers and 13 security experts. Our qualitative results reveal three communication patterns and five shared challenges between the groups affecting the develop-security expert collaboration. Top challenges include consistent interaction difficulties and the lack of workable means to balance business and security needs. As a result, we found that three core Scrum values (openness, respect, courage) are missing from this relationship. Based on our results, we propose recommendations for fostering a healthy collaboration between developers and security experts, both within and beyond Scrum.
This program is tentative and subject to change.
Fri 2 MayDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Human and Social 3SE In Practice (SEIP) / Journal-first Papers / Research Track / New Ideas and Emerging Results (NIER) at 206 plus 208 | ||
11:00 15mTalk | Relationship Status: “It’s complicated” Developer-Security Expert Dynamics in ScrumSecurity Research Track Houda Naji Ruhr University Bochum, Marco Gutfleisch Ruhr University Bochum, Alena Naiakshina Ruhr University Bochum | ||
11:15 15mTalk | Soft Skills in Software Engineering: Insights from the Trenches SE In Practice (SEIP) Sanna Malinen University of Canterbury, Matthias Galster University of Canterbury, Antonija Mitrovic University of Canterbury, New Zealand, Sreedevi Sankara Iyer University of Canterbury, Pasan Peiris University of Canterbury, New Zealand, April Clarke University of Canterbury | ||
11:30 15mTalk | A Unified Browser-Based Consent Management Framework New Ideas and Emerging Results (NIER) Gayatri Priyadarsini Indian Institute of Technology Gandhinagar, Abhishek Bichhawat IIT Gandhinagar, India | ||
11:45 15mTalk | Predicting Attrition among Software Professionals: Antecedents and Consequences of Burnout and Engagement Journal-first Papers Bianca Trinkenreich Colorado State University, Fabio Marcos De Abreu Santos Colorado State University, USA, Klaas-Jan Stol Lero; University College Cork; SINTEF Digital | ||
12:00 7mTalk | A Controlled Experiment in Age and Gender Bias When Reading Technical Articles in Software Engineering Journal-first Papers Anda Liang Vanderbilt University, Emerson Murphy-Hill Google, Westley Weimer University of Michigan, Yu Huang Vanderbilt University | ||
12:07 7mTalk | Best ends by the best means: ethical concerns in app reviews Journal-first Papers Neelam Tjikhoeri Vrije Universiteit Amsterdam, Lauren Olson Vrije Universiteit Amsterdam, Emitzá Guzmán Vrije Universiteit Amsterdam | ||
12:14 7mTalk | Shaken, Not Stirred. How Developers Like Their Amplified Tests Journal-first Papers Carolin Brandt Delft University of Technology, Ali Khatami Delft University of Technology, Mairieli Wessel Radboud University, Andy Zaidman Delft University of Technology | ||
12:21 7mTalk | Exploring User Privacy Awareness on GitHub: An Empirical Study Journal-first Papers Costanza Alfieri Università degli Studi dell'Aquila, Juri Di Rocco University of L'Aquila, Paola Inverardi Gran Sasso Science Institute, Phuong T. Nguyen University of L’Aquila | ||