{"id":"https://openalex.org/W4402366646","doi":"https://doi.org/10.1108/ics-07-2023-0136","title":"Large-scale agile security practices in software engineering","display_name":"Large-scale agile security practices in software engineering","publication_year":2024,"publication_date":"2024-09-09","ids":{"openalex":"https://openalex.org/W4402366646","doi":"https://doi.org/10.1108/ics-07-2023-0136"},"language":"en","primary_location":{"id":"doi:10.1108/ics-07-2023-0136","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-07-2023-0136","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5099072525","display_name":"Cl\u00e1udia Ascen\u00e7\u00e3o","orcid":null},"institutions":[{"id":"https://openalex.org/I4210149344","display_name":"Instituto Superior Polit\u00e9cnico Gaya","ror":"https://ror.org/04k26n974","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210149344"]}],"countries":["PT"],"is_corresponding":true,"raw_author_name":"Cl\u00e1udia Ascen\u00e7\u00e3o","raw_affiliation_strings":["ISPGAYA School of Science and Technology, , Vila Nova de Gaia,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ISPGAYA School of Science and Technology, , Vila Nova de Gaia,","institution_ids":["https://openalex.org/I4210149344"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5099072524","display_name":"Henrique Teixeira","orcid":null},"institutions":[{"id":"https://openalex.org/I4210149344","display_name":"Instituto Superior Polit\u00e9cnico Gaya","ror":"https://ror.org/04k26n974","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210149344"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Henrique Teixeira","raw_affiliation_strings":["ISPGAYA School of Science and Technology, , Vila Nova de Gaia,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ISPGAYA School of Science and Technology, , Vila Nova de Gaia,","institution_ids":["https://openalex.org/I4210149344"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006469364","display_name":"Jo\u00e3o Gon\u00e7alves","orcid":"https://orcid.org/0000-0002-8948-0455"},"institutions":[{"id":"https://openalex.org/I4210149344","display_name":"Instituto Superior Polit\u00e9cnico Gaya","ror":"https://ror.org/04k26n974","country_code":"PT","type":"education","lineage":["https://openalex.org/I4210149344"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Jo\u00e3o Gon\u00e7alves","raw_affiliation_strings":["ISPGAYA School of Science and Technology, , Vila Nova de Gaia,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ISPGAYA School of Science and Technology, , Vila Nova de Gaia,","institution_ids":["https://openalex.org/I4210149344"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035361997","display_name":"Fernando Almeida","orcid":"https://orcid.org/0000-0002-6758-4843"},"institutions":[{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Fernando Almeida","raw_affiliation_strings":["University of Porto INESC TEC Laboratory, , Porto,"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Porto INESC TEC Laboratory, , Porto,","institution_ids":["https://openalex.org/I4210166615"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5099072525"],"corresponding_institution_ids":["https://openalex.org/I4210149344"],"apc_list":null,"apc_paid":null,"fwci":2.1309,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.90213024,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"33","issue":"3","first_page":"344","last_page":"361"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.732921838760376},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5602392554283142},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.493163526058197},{"id":"https://openalex.org/keywords/extreme-programming-practices","display_name":"Extreme programming practices","score":0.45798081159591675},{"id":"https://openalex.org/keywords/agile-usability-engineering","display_name":"Agile usability engineering","score":0.4316270053386688},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.428688108921051},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4070744216442108},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.40664637088775635},{"id":"https://openalex.org/keywords/engineering-management","display_name":"Engineering management","score":0.36204490065574646},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.3450052738189697},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.34072548151016235},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.30656537413597107},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2458394169807434},{"id":"https://openalex.org/keywords/software-development-process","display_name":"Software development process","score":0.21249157190322876},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.1667892038822174},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.12969371676445007},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.09781613945960999},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08598622679710388}],"concepts":[{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.732921838760376},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5602392554283142},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.493163526058197},{"id":"https://openalex.org/C170291536","wikidata":"https://www.wikidata.org/wiki/Q5422448","display_name":"Extreme programming practices","level":5,"score":0.45798081159591675},{"id":"https://openalex.org/C36837802","wikidata":"https://www.wikidata.org/wiki/Q17011481","display_name":"Agile usability engineering","level":5,"score":0.4316270053386688},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.428688108921051},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4070744216442108},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.40664637088775635},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.36204490065574646},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3450052738189697},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.34072548151016235},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.30656537413597107},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2458394169807434},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.21249157190322876},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.1667892038822174},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.12969371676445007},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.09781613945960999},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08598622679710388},{"id":"https://openalex.org/C58640448","wikidata":"https://www.wikidata.org/wiki/Q42515","display_name":"Cartography","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1108/ics-07-2023-0136","is_oa":false,"landing_page_url":"https://doi.org/10.1108/ics-07-2023-0136","pdf_url":null,"source":{"id":"https://openalex.org/S4210195545","display_name":"Information and Computer Security","issn_l":"2056-4961","issn":["2056-4961","2056-497X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information &amp; Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":62,"referenced_works":["https://openalex.org/W144600719","https://openalex.org/W810313514","https://openalex.org/W1954552199","https://openalex.org/W2007049449","https://openalex.org/W2049946139","https://openalex.org/W2082524810","https://openalex.org/W2320538339","https://openalex.org/W2344058994","https://openalex.org/W2508605860","https://openalex.org/W2514567886","https://openalex.org/W2567646516","https://openalex.org/W2620722923","https://openalex.org/W2643232402","https://openalex.org/W2763766763","https://openalex.org/W2775195841","https://openalex.org/W2775354413","https://openalex.org/W2792905107","https://openalex.org/W2870704319","https://openalex.org/W2896975396","https://openalex.org/W2897336501","https://openalex.org/W2900227202","https://openalex.org/W2946540753","https://openalex.org/W2964634513","https://openalex.org/W2974232067","https://openalex.org/W3016716060","https://openalex.org/W3093897435","https://openalex.org/W3104759514","https://openalex.org/W3107179438","https://openalex.org/W3109049172","https://openalex.org/W3136814947","https://openalex.org/W3166079820","https://openalex.org/W3166283372","https://openalex.org/W3173942269","https://openalex.org/W3193339215","https://openalex.org/W3197960801","https://openalex.org/W3198956673","https://openalex.org/W3215087437","https://openalex.org/W4200255857","https://openalex.org/W4200522361","https://openalex.org/W4205844178","https://openalex.org/W4213003081","https://openalex.org/W4220739170","https://openalex.org/W4220828776","https://openalex.org/W4224142968","https://openalex.org/W4224882422","https://openalex.org/W4225571424","https://openalex.org/W4290066941","https://openalex.org/W4290467200","https://openalex.org/W4290702465","https://openalex.org/W4293213332","https://openalex.org/W4296555368","https://openalex.org/W4296660230","https://openalex.org/W4301142158","https://openalex.org/W4307327385","https://openalex.org/W4309035093","https://openalex.org/W4310676303","https://openalex.org/W4313472297","https://openalex.org/W4317634734","https://openalex.org/W4318751380","https://openalex.org/W4323317130","https://openalex.org/W4367047162","https://openalex.org/W4386652095"],"related_works":["https://openalex.org/W3082577432","https://openalex.org/W4376498447","https://openalex.org/W1497203923","https://openalex.org/W3099012432","https://openalex.org/W2139627947","https://openalex.org/W2169992518","https://openalex.org/W2742506893","https://openalex.org/W2006602523","https://openalex.org/W2184909477","https://openalex.org/W2534333789"],"abstract_inverted_index":{"Purpose":[0],"Security":[1],"in":[2,39,60,113,183],"large-scale":[3,41,114,143,157,184],"agile":[4,42,115,158,169,185],"is":[5,48],"a":[6,93,130,174],"crucial":[7],"aspect":[8],"that":[9,35,153],"should":[10],"be":[11,37],"carefully":[12],"addressed":[13],"to":[14,28,82,156],"ensure":[15],"the":[16,32,65,127,140,168],"protection":[17],"of":[18,67,95,99,129,136,167],"sensitive":[19,119],"data,":[20],"systems":[21],"and":[22,30,72,85,105,126,146,172],"user":[23],"privacy.":[24],"This":[25],"study":[26,47,138],"aims":[27],"identify":[29,83],"characterize":[31],"security":[33,87,97,111,144,162,181],"practices":[34,112,145,163],"can":[36,178],"applied":[38,81],"managing":[40],"projects.":[43],"Design/methodology/approach":[44],"A":[45,77],"qualitative":[46],"carried":[49],"out":[50],"through":[51],"18":[52],"interviews":[53],"with":[54],"6":[55],"software":[56],"development":[57,170],"companies":[58],"based":[59],"Portugal.":[61],"Professionals":[62],"who":[63],"play":[64],"roles":[66],"Product":[68],"Owner,":[69],"Scrum":[70,73],"Master":[71],"Member":[74],"were":[75],"interviewed.":[76],"thematic":[78],"analysis":[79],"was":[80],"deductive":[84,103],"inductive":[86],"practices.":[88],"Findings":[89],"The":[90,134],"findings":[91],"identified":[92],"total":[94],"15":[96],"practices,":[98],"which":[100],"8":[101],"are":[102,107,154],"themes":[104],"7":[106],"inductive.":[108],"Most":[109],"common":[110],"include":[116],"penetration":[117],"testing,":[118,123],"data":[120],"management,":[121],"automated":[122],"threat":[124],"modeling":[125],"implementation":[128],"DevSecOps":[131],"approach.":[132],"Originality/value":[133],"results":[135],"this":[137],"extend":[139],"knowledge":[141],"about":[142],"offer":[147],"relevant":[148],"practical":[149],"contributions":[150],"for":[151],"organizations":[152,177],"migrating":[155],"environments.":[159,186],"By":[160],"incorporating":[161],"at":[164],"every":[165],"stage":[166],"lifecycle":[171],"fostering":[173],"security-conscious":[175],"culture,":[176],"effectively":[179],"address":[180],"challenges":[182]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}