{"id":"https://openalex.org/W3007148423","doi":"https://doi.org/10.4018/ijsssp.2020010103","title":"Towards a Conceptual Framework for Security Requirements Work in Agile Software Development","display_name":"Towards a Conceptual Framework for Security Requirements Work in Agile Software Development","publication_year":2020,"publication_date":"2020-01-01","ids":{"openalex":"https://openalex.org/W3007148423","doi":"https://doi.org/10.4018/ijsssp.2020010103","mag":"3007148423"},"language":"en","primary_location":{"id":"doi:10.4018/ijsssp.2020010103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsssp.2020010103","pdf_url":null,"source":{"id":"https://openalex.org/S4210212113","display_name":"International Journal of Systems and Software Security and Protection","issn_l":"2640-4265","issn":["2640-4265","2640-4273"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Systems and Software Security and Protection","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012135643","display_name":"Inger Anne T\u00f8ndel","orcid":"https://orcid.org/0000-0001-7599-0342"},"institutions":[{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]},{"id":"https://openalex.org/I204778367","display_name":"Norwegian University of Science and Technology","ror":"https://ror.org/05xg72x27","country_code":"NO","type":"education","lineage":["https://openalex.org/I204778367"]}],"countries":["NO"],"is_corresponding":true,"raw_author_name":"Inger Anne T\u00f8ndel","raw_affiliation_strings":["Department of Computer Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway & SINTEF Digital, Trondheim, Norway"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway & SINTEF Digital, Trondheim, Norway","institution_ids":["https://openalex.org/I204778367","https://openalex.org/I173888879"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071836226","display_name":"Martin Gilje Jaatun","orcid":"https://orcid.org/0000-0001-7127-6694"},"institutions":[{"id":"https://openalex.org/I4387930215","display_name":"SINTEF Digital","ror":"https://ror.org/028m52w57","country_code":null,"type":"facility","lineage":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]},{"id":"https://openalex.org/I173888879","display_name":"SINTEF","ror":"https://ror.org/01f677e56","country_code":"NO","type":"facility","lineage":["https://openalex.org/I173888879"]}],"countries":["NO"],"is_corresponding":false,"raw_author_name":"Martin Gilje Jaatun","raw_affiliation_strings":["SINTEF Digital, Oslo, Norway"],"affiliations":[{"raw_affiliation_string":"SINTEF Digital, Oslo, Norway","institution_ids":["https://openalex.org/I173888879","https://openalex.org/I4387930215"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5012135643"],"corresponding_institution_ids":["https://openalex.org/I173888879","https://openalex.org/I204778367"],"apc_list":null,"apc_paid":null,"fwci":2.1353,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.89955587,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":"11","issue":"1","first_page":"33","last_page":"62"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5786135196685791},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5595927834510803},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.5532931685447693},{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.5440882444381714},{"id":"https://openalex.org/keywords/agile-software-development","display_name":"Agile software development","score":0.5180056691169739},{"id":"https://openalex.org/keywords/conceptual-framework","display_name":"Conceptual framework","score":0.4435858428478241},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.4388711452484131},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.43510907888412476},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.43227237462997437},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.39864397048950195},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.28832384943962097},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27381783723831177},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.23750683665275574},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.22630572319030762},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.22364288568496704},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.19734638929367065}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5786135196685791},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5595927834510803},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.5532931685447693},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.5440882444381714},{"id":"https://openalex.org/C14185376","wikidata":"https://www.wikidata.org/wiki/Q30232","display_name":"Agile software development","level":2,"score":0.5180056691169739},{"id":"https://openalex.org/C14224292","wikidata":"https://www.wikidata.org/wiki/Q13600188","display_name":"Conceptual framework","level":2,"score":0.4435858428478241},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.4388711452484131},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.43510907888412476},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.43227237462997437},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.39864397048950195},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.28832384943962097},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27381783723831177},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.23750683665275574},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.22630572319030762},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.22364288568496704},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.19734638929367065},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.4018/ijsssp.2020010103","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijsssp.2020010103","pdf_url":null,"source":{"id":"https://openalex.org/S4210212113","display_name":"International Journal of Systems and Software Security and Protection","issn_l":"2640-4265","issn":["2640-4265","2640-4273"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Systems and Software Security and Protection","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W164607795","https://openalex.org/W810313514","https://openalex.org/W1495115868","https://openalex.org/W1497617446","https://openalex.org/W1529465401","https://openalex.org/W1546968209","https://openalex.org/W1556808170","https://openalex.org/W1567813697","https://openalex.org/W1897168949","https://openalex.org/W1926007699","https://openalex.org/W1947959002","https://openalex.org/W1969200709","https://openalex.org/W2028813279","https://openalex.org/W2035580131","https://openalex.org/W2112657059","https://openalex.org/W2126762719","https://openalex.org/W2140266533","https://openalex.org/W2157820602","https://openalex.org/W2159661610","https://openalex.org/W2293315449","https://openalex.org/W2294407885","https://openalex.org/W2410887582","https://openalex.org/W2417374371","https://openalex.org/W2562223200","https://openalex.org/W2565864019","https://openalex.org/W2572411793","https://openalex.org/W2588952840","https://openalex.org/W2591282822","https://openalex.org/W2623557439","https://openalex.org/W2758037626","https://openalex.org/W2799442568","https://openalex.org/W2806436836","https://openalex.org/W2811010250","https://openalex.org/W2823856782","https://openalex.org/W2887118408","https://openalex.org/W2895547509","https://openalex.org/W2897612681","https://openalex.org/W2901525100","https://openalex.org/W3037652354","https://openalex.org/W3092948851","https://openalex.org/W4205192141","https://openalex.org/W4234250490","https://openalex.org/W4256154369","https://openalex.org/W6622747110","https://openalex.org/W6631767708"],"related_works":["https://openalex.org/W4200488931","https://openalex.org/W4200605894","https://openalex.org/W2909697430","https://openalex.org/W2738725851","https://openalex.org/W4242285609","https://openalex.org/W3042133935","https://openalex.org/W3186531086","https://openalex.org/W3189415836","https://openalex.org/W3016293050","https://openalex.org/W4224882422"],"abstract_inverted_index":{"Security":[0],"requirement":[1,25,70],"work":[2,26,71,83,86],"plays":[3],"a":[4,14,74],"key":[5,79],"role":[6],"in":[7,13,29,43,143],"achieving":[8],"cost-effective":[9],"and":[10,40,57,88,105,141,145],"adequate":[11],"security":[12,24,38,41,69,113,151],"software":[15,20,37],"development":[16],"project.":[17],"Knowledge":[18],"about":[19],"companies'":[21],"experiences":[22],"of":[23,64,91,112,122,147],"is":[27,119],"important":[28,108],"order":[30],"to":[31,72,82,98,139],"bridge":[32],"the":[33,62,89,99,110,120,123],"observed":[34],"gap":[35],"between":[36],"practices":[39,56],"risks":[42],"many":[44],"projects":[45],"today.":[46],"Particularly,":[47],"such":[48],"knowledge":[49],"can":[50],"help":[51],"researchers":[52],"improve":[53],"on":[54,68,150],"available":[55],"recommendations.":[58],"This":[59],"article":[60],"uses":[61],"results":[63],"published":[65],"empirical":[66,148],"studies":[67,149],"create":[73],"conceptual":[75],"framework":[76,96],"that":[77],"shows":[78],"concepts":[80],"related":[81,138],"context,":[84],"this":[85,92],"itself":[87],"effects":[90],"work.":[93,153],"The":[94],"resulting":[95],"points":[97],"following":[100],"research":[101],"challenges:":[102],"1)":[103],"Identifying":[104],"understanding":[106],"factors":[107,137],"for":[109],"effect":[111],"requirements":[114,125,152],"work;":[115],"2)":[116],"Understanding":[117],"what":[118],"importance":[121],"chosen":[124],"approach":[126],"itself,":[127],"and;":[128],"3)":[129],"Properly":[130],"taking":[131],"into":[132],"account":[133],"contextual":[134],"factors,":[135],"especially":[136],"individuals":[140],"interactions,":[142],"planning":[144],"analysis":[146]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}