Güvenli ve Scrum Merkezli Yaklaşımla Çevik Yazılım Geliştirme

Öz

Çevik modellerin yerine getirilmesi, bir yazılım geliştirme projesinin görevlerinin bir arada yürütülmesi açısından önemlidir. Proje mimarisinin tanımları genellikle bu modellerde yapılmaktadır. Teslimat süresi, maliyet, bakım gibi faktörler belirlenir. Geleneksel yöntemlerde proje aşamaları sıralı olarak yürütülür. Aşamalardan biri tamamlandıktan sonra diğerine geçilir. Projenin herhangi bir noktasında bir yenilik veya değişiklik yapılmaya çalışıldığında bazı sorunlar ortaya çıkar. Bu sorunlar genel olarak iletişimin ön plana çıkarıldığı ve süreçlerin daha esnek yürütüldüğü Scrum çevik yöntemleriyle çözülebilmektedir. Scrum stratejisinin yazılım geliştirme modellerine dâhil edilmesinde Scrum ve güvenlik konularının bir araya getirilebileceği yadsınamaz bir gerçektir. Böyle bir durumda Security ve Scrum'ın bir çerçeve içerisinde çalışmasına olanak sağlayan modeller kullanılır. Bu çalışmada yazılım geliştirme sistematiğindeki uyumsuzlukların giderilmesine yönelik bilimsel kanıtlara dayalı bilimsel çalışmalar analiz edilmiştir. Bu analizlerde literatürde Scrum modeli ile güvenlik ilkelerini içeren yazılım geliştirme çalışmalarının bibliyometrik ve istatistiksel analiz sonuçları ortaya çıkarılmıştır. Deneylerde elde edilen sonuçlar incelendiğinde Scrum ve Security modellerinin bir arada kullanıldığı bir mimari ile güvenli yazılım geliştirmenin mümkün olduğu sonucuna varılmıştır.

Anahtar Kelimeler

• Çevik yazılım geliştirme
• Güvenlik
• İstatistiksel ve bibliyometrik analiz
• Scrum

Agile Software Development with Secure and Scrum-Centric Approach

Öz

The fulfillment of agile models is crucial for ensuring that a software development project's tasks are completed efficiently and collaboratively. The definitions of the project architecture are usually performed in these models. Factors such as delivery time, cost and maintenance are determined. In traditional methods, project stages are carried out sequentially. After one of the stages is completed, another one is performed. When an innovation or change is attempted at any point in the project, some problems occur. These problems can generally be solved with Scrum agile methods, where communication is highlighted and processes are performed more flexibly. It is an undeniable fact that Scrum and security issues can be brought together when incorporating the Scrum strategy into software development models. In such a case, models are used that allow Security and Scrum to work within a framework. In this study, scientific studies based on scientific evidence aimed at eliminating incompatibilities in software development systematics were analyzed. The distribution of the publication years, the relation of scrum and security, the citation topic, the bibliometric maps and co-citation report are used in these analysis. In the result of these analyses, bibliometric and statistical analysis results of studies in the literature on software development that includes security principles with the Scrum model were revealed. When the results obtained in the experiments were examined, it was concluded that it was possible to develop secure software with an architecture in which Scrum and Security models were used together. During the software development phase, it enables proactive risk management by blending scrum and security elements. It also allows teams to detect security vulnerabilities during the software development phase. These facilitate the creation of a more secure and durable software product.

Anahtar Kelimeler

• Agile software development
• Scrum
• Security
• Statistical and Bibliometric Analysis

Kaynakça

1. Altunel, H., & Say, B. (2022). Software product system model: a customer-value oriented, adaptable, devops-based product model. SN Computer Science, 3(1), 38. https://doi.org/10.1007/s42979-021-00899-9
2. Aurisch, R., Ahmed, M., & Barkat, A. (2021). An outlook at Agile methodologies for the independent games developer. International Journal of Computers and Applications, 43(8), 812-818. https://doi.org/10.1080/1206212X.2019.1621463
3. Bayram, E., Doğan, B., & Tunalı, V. (2022). A Tertiary Study And Social Network Analysis On Agile Software Development Methodology. International Journal of Advances in Engineering and Pure Sciences, 33, 35-46. https://doi.org/10.7240/jeps.896650
4. Baxter, D., & Turner, N. (2023). Why Scrum works in new product development: the role of social capital in managing complexity. Production Planning & Control, 34(13), 1248-1260. https://doi.org/10.1080/09537287.2021.1997291
5. Behutiye, W., Karhapää, P., López, L., Burgués, X., Martínez-Fernández, S., Vollmer, A. M., & Oivo, M. (2020). Management of quality requirements in agile and rapid software development: A systematic mapping study. Information and software technology, 123, 106225. https://doi.org/10.1016/j.infsof.2019.106225
6. Canedo, E. D., Calazans, A. T. S., Silva, G. R. S., Costa, P. H. T., & Masson, E. T. S. (2023). Use of Journey Maps and Personas in Software Requirements Elicitation. International Journal of Software Engineering and Knowledge Engineering, 33(03), 313-342. https://doi.org/10.1142/S0218194023300014
7. Casola, V., De Benedictis, A., Mazzocca, C., & Orbinato, V. (2024). Secure software development and testing: A model-based methodology. Computers & Security, 137, 103639. https://doi.org/10.1016/j.cose.2023.103639
8. Chantit, S., & Essebaa, I. (2021). Towards an automatic model-based Scrum Methodology. Procedia Computer Science, 184, 797-802. https://doi.org/10.1016/j.procs.2021.03.099

9. Erdogan, G., Meland, P. H., & Mathieson, D. (2010). Security testing in agile web application development-a case study using the east methodology. In Agile Processes in Software Engineering and Extreme Programming: 11th International Conference, XP 2010, Trondheim, Norway, June 1-4, 2010. Proceedings 11 (pp. 14-27). Berlin: Springer. https://doi.org/10.1007/978-3-642-13054-0_2
10. Gomero-Fanny, V., Bengy, A. R., & Andrade-Arenas, L. (2021). Prototype of web system for organizations dedicated to e-commerce under the Scrum methodology. International Journal of Advanced Computer Science and Applications, 12(1). DOI:10.14569/IJACSA.2021.0120152
11. Joskowski, A., Przybyłek, A., & Marcinkowski, B. (2023). Scaling scrum with a customized nexus framework: A report from a joint industry‐academia research project. Software: Practice and Experience, 53(7), 1525-1542. https://doi.org/10.1002/spe.3201
12. Khan, A. A., Khan, J. A., Akbar, M. A., Zhou, P., & Fahmideh, M. (2024). Insights into software development approaches: mining Q &A repositories. Empirical Software Engineering, 29(1), 8. https://doi.org/10.1007/s10664-023-10417-5
13. Kosztyán, Z. T., Novák, G., Jakab, R., Szalkai, I., & Hegedűs, C. (2023). A matrix-based flexible project-planning library and indicators. Expert Systems with Applications, 216, 119472. https://doi.org/10.1016/j.eswa.2022.119472
14. López, L., Manzano, M., Gómez, C., Oriol, M., Farré, C., Franch, X., & Vollmer, A. M. (2021). QaSD: a quality-aware strategic dashboard for supporting decision makers in agile software development. Science of Computer Programming, 202, 102568. https://doi.org/10.1016/j.scico.2020.102568
15. Maier, P., Ma, Z., & Bloem, R. (2017, August). Towards a secure scrum process for agile web application development. In Proceedings of the 12th International Conference on Availability, Reliability and Security (pp. 1-8), Reggio Calabria. https://dl.acm.org/doi/10.1145/3098954.3103171
16. McDonald, J. T., Trigg, T. H., Roberts, C. E., & Darden, B. J. (2016). Security in agile development: Pedagogic lessons from an undergraduate software engineering case study. In Cyber Security: Second International Symposium, CSS 2015, Coeur d'Alene, ID, USA, April 7-8, 2015, Revised Selected Papers 2 (pp. 127-141). Idaho: Springer. https://doi.org/10.1007/978-3-319-28313-5_9
17. Mihelič, A., Hovelja, T., & Vrhovec, S. (2023). Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering. Applied Sciences, 13(7), 4563. https://doi.org/10.3390/app13074563
18. Moyo, S., & Mnkandla, E. (2020). A novel lightweight solo software development methodology with optimum security practices. IEEE Access, 8, 33735-33747. https://doi.org/10.1109/ACCESS.2020.2971000
19. Nath, P., Mushahary, J. R., Roy, U., Brahma, M., & Singh, P. K. (2023). AI and Blockchain-based source code vulnerability detection and prevention system for multiparty software development. Computers and Electrical Engineering, 106, 108607. https://doi.org/10.1016/j.compeleceng.2023.108607
20. Nayaka Sheetakallu Krishnaiah, P., Narayan, D. L., & Sutradhar, K. (2024) A survey on secure metadata of agile software development process using blockchain technology. Security and Privacy, e342. https://doi.org/10.1002/spy2.342
21. Oyetoyan, T. D., Jaatun, M. G. G., & Cruzes, D. S. (2019). Measuring Developers' Software Security Skills, Usage, and Training Needs. In Exploring Security in Software Architecture and Design (pp. 260-286), IGI Global. https://doi.org/ 10.4018/978-1-5225-6313-6.ch011
22. Pattaranantakul, M., Vorakulpipat, C., & Takahashi, T. (2023). Service Function Chaining security survey: Addressing security challenges and threats. Computer Networks, 221, 109484. https://doi.org/10.1016/j.comnet.2022.109484
23. Peldszus, S. M. (2022). State of the Art in Secure Software Systems Development. Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants, 37-63. https://doi.org/10.1007/978-3-658-37665-9_3
24. Poller, A., Kocksch, L., Türpe, S., Epp, F. A., & Kinder-Kurlanda, K. (2017, February). Can security become a routine? A study of organizational change in an agile software development group. In Proceedings of the 2017 ACM conference on computer supported cooperative work and social computing (pp. 2489-2503). New York. https://doi.org/10.1145/2998181.2998191
25. Przybyłek, A., Albecka, M., Springer, O., & Kowalski, W. (2022). Game-based Sprint retrospectives: multiple action research. Empirical Software Engineering, 27, 1-56. https://doi.org/10.1007/s10664-021-10043-z
26. Rahy, S., & Bass, J. M. (2022). Managing non‐functional requirements in agile software development. IET Software, 16(1), 60-72. https://doi.org/10.1049/sfw2.12037
27. Sharma, A., & Bawa, R. K. (2022). Identification and integration of security activities for secure agile development. International Journal of Information Technology, 14(2), 1117-1130. https://doi.org/10.1007/s41870-020-00446-4
28. Sheikh, Z. A., & Singh, Y. (2023). Minimizing Cost, Effort, and Implementation Complexity for Adopting Security Requirements in an Agile Development Process for Cyber‐Physical Systems. Agile Software Development: Trends, Challenges and Applications, 87-100. https://doi.org/10.1002/9781119896838.ch6
29. Singh, N., Patel, P., & Datta, S. (2021). A survey on security and human-related challenges in agile software deployment. In 2021 International Conference on Computational Science and Computational Intelligence (CSCI) (pp. 1976-1982). New Jersey: IEEE. https://doi.org/10.1109/CSCI54926.2021.00365
30. Smith, R., Janicke, H., He, Y., Ferra, F., & Albakri, A. (2021). The agile incident response for industrial control systems (AIR4ICS) framework. Computers & Security, 109, 102398. https://doi.org/10.1016/j.cose.2021.102398
31. Tøndel, I. A., Cruzes, D. S., Jaatun, M. G., & Sindre, G. (2022). Influencing the security prioritisation of an agile software development project. Computers & Security, 118, 102744. https://doi.org/10.1016/j.cose.2022.102744
32. Zagita, T. C., & Raharjo, T. (2023). Information Security Integration with Agile Software Development: Systematic Literature Review and Expert Judgement. Indonesian Journal of Computer Science, 12(6). https://doi.org/10.33022/ijcs.v12i6.3593