In a year-long study, we observed an agile software development team to understand how it establishes security practices following a security consultancy. This included in-situ observation at a security workshop and interviews with developers and management. In our long paper for CSCW 2017, we reveal that the consultancy hampered understanding, but was not sufficient to change organizational routines.
Andreas Poller, Laura Kocksch, Sven Türpe, Felix Anand Epp and Katharina Kinder-Kurlanda. 2017. “Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group”. In Proceedings of the 20th ACM Conference on Computer-Supported Cooperative Work & Social Computing (CSCW ‘17). ACM, New York, NY, USA. DOI
Andreas Poller, Laura Kocksch, Katharina Kinder-Kurlanda, and Felix Epp. 2016. “First-time Security Audits as a Turning Point?: Challenges for Security Practices in an Industry Software Development Team”. In Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA ‘16). ACM, New York, NY, USA, 1288-1294. DOI