Relationship Status: "It's Complicated" Developer-Security Expert Dynamics in Scrum
The high number of cyber threats poses significant challenges, with impactful software exploits ranging from data theft to ransomware deployment. Unfortunately, past research highlighted limited security expertise within development teams. Collaboration between developers and security experts, there...
Saved in:
| Published in | Proceedings / International Conference on Software Engineering pp. 2049 - 2061 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
26.04.2025
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 1558-1225 |
| DOI | 10.1109/ICSE55347.2025.00120 |
Cover
Loading…
| Abstract | The high number of cyber threats poses significant challenges, with impactful software exploits ranging from data theft to ransomware deployment. Unfortunately, past research highlighted limited security expertise within development teams. Collaboration between developers and security experts, therefore, emerges as one of the few workable means to address this gap. In this paper, we explore the complex interplay between developers and security experts within Scrum, one of the most widely adopted frameworks which actively promotes collaboration, to shed light on their working relationship, challenges, and potential avenues for improvement. To this end, we conducted a qualitative interview study with 14 developers and 13 security experts. Our qualitative results reveal three communication patterns and five shared challenges between the groups affecting the develop-security expert collaboration. Top challenges include consistent interaction difficulties and the lack of workable means to balance business and security needs. As a result, we found that three core Scrum values (openness, respect, courage) are missing from this relationship. Based on our results, we propose recommendations for fostering a healthy collaboration between developers and security experts, both within and beyond Scrum. |
|---|---|
| AbstractList | The high number of cyber threats poses significant challenges, with impactful software exploits ranging from data theft to ransomware deployment. Unfortunately, past research highlighted limited security expertise within development teams. Collaboration between developers and security experts, therefore, emerges as one of the few workable means to address this gap. In this paper, we explore the complex interplay between developers and security experts within Scrum, one of the most widely adopted frameworks which actively promotes collaboration, to shed light on their working relationship, challenges, and potential avenues for improvement. To this end, we conducted a qualitative interview study with 14 developers and 13 security experts. Our qualitative results reveal three communication patterns and five shared challenges between the groups affecting the develop-security expert collaboration. Top challenges include consistent interaction difficulties and the lack of workable means to balance business and security needs. As a result, we found that three core Scrum values (openness, respect, courage) are missing from this relationship. Based on our results, we propose recommendations for fostering a healthy collaboration between developers and security experts, both within and beyond Scrum. |
| Author | Gutfleisch, Marco Naji, Houda Naiakshina, Alena |
| Author_xml | – sequence: 1 givenname: Houda surname: Naji fullname: Naji, Houda email: houda.naji@rub.de organization: Ruhr University Bochum,Bochum,Germany – sequence: 2 givenname: Marco surname: Gutfleisch fullname: Gutfleisch, Marco email: marco.gutfleisch@rub.de organization: Ruhr University Bochum,Bochum,Germany – sequence: 3 givenname: Alena surname: Naiakshina fullname: Naiakshina, Alena email: alena.naiakshina@rub.de organization: Ruhr University Bochum,Bochum,Germany |
| BookMark | eNotkEtLw0AURkdRsK39B10M3bhKnTuPJtedpFULBcF0XyaZGxzJi8xU7L-3oKuPszkcvim76fqOGFuAWAEIfNzlxdYYpdOVFNKshAAprtgcU8yUAiPMGuGaTcCYLAEpzR2bhvAlhFhrxAkrPqix0fdd-PQDL6KNp_DEl7v4EHjet0PjKxvJLfmGvqnpBxqTgqrT6OOZb38uGPnm3NnWV4H7jhfVeGrv2W1tm0Dz_52xw8v2kL8l-_fXXf68TzyqmFisyenSOnCZqxygLBG1M9qJUqWQoSgxVRZkWWdWK-2wElRfoh3UTqelmrHFn9YT0XEYfWvH8_FyisQMpfoFHbJTDw |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK ESBDL RIE RIO |
| DOI | 10.1109/ICSE55347.2025.00120 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Xplore Open Access Journals IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science Business |
| EISBN | 9798331505691 |
| EISSN | 1558-1225 |
| EndPage | 2061 |
| ExternalDocumentID | 11029892 |
| Genre | orig-research |
| GroupedDBID | -~X .4S .DC 29O 5VS 6IE 6IF 6IH 6IK 6IL 6IM 6IN 8US AAJGR AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS ARCSS AVWKF BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO EDO ESBDL FEDTE I-F IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO |
| ID | FETCH-LOGICAL-i93t-a9fed4bad1d8dcd192b994d54d0b371890b973a12bf8a434d9c0ef499d1fd47b3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 01:40:27 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-a9fed4bad1d8dcd192b994d54d0b371890b973a12bf8a434d9c0ef499d1fd47b3 |
| OpenAccessLink | https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/document/11029892 |
| PageCount | 13 |
| ParticipantIDs | ieee_primary_11029892 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-April-26 |
| PublicationDateYYYYMMDD | 2025-04-26 |
| PublicationDate_xml | – month: 04 year: 2025 text: 2025-April-26 day: 26 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0006499 |
| Score | 2.2967522 |
| Snippet | The high number of cyber threats poses significant challenges, with impactful software exploits ranging from data theft to ransomware deployment.... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 2049 |
| SubjectTerms | Agile Business Collaboration Developers Distance measurement Interviews Ransomware Relationship Scrum Scrum (Software development) Security Security Experts Software Software engineering |
| Title | Relationship Status: "It's Complicated" Developer-Security Expert Dynamics in Scrum |
| URI | https://ieeexplore.ieee.org/document/11029892 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3NS8MwFA-6g3iazonOD8IQPHVLm6RtvM6NTXAIm7DbSPJSHGI3tvbiX2_SjymC4K3k0IYXmvde8vtA6C7gWgdh5Hu-kNxjTgRTCSq8xHDbDoVax8qxkZ-n4fiVPS34oiKrF1wYY0wBPjM991jc5cNa5-6orG9TlRMMtzvuoe3cSrLWftsNbe1eceN8IvqTwWzIOWWR7QEDd27iO0vvHw4qRQIZNdG0_nSJG3nv5Znq6c9fqoz_ntsJan9z9fDLPgudogOTttBRjWdvoWbt24Cr3_gMzfYIuLfVBrtyM9894O4ku9_hQQ0xN9DFFaLIbL1ZZXOHC2nkDD-WRvY7vErte7f5RxvNR8P5YOxV5greStDMkyIxwJQEH2LQYOs8JQQDzoAoavOVIEpEVPqBSmLJKAOhiUlsiMFPgEWKnqNGuk7NBcKaCAIkoRR4wCQBKQBk5IpHAB0m8SVqu3AtN6V8xrKOVOeP8St07JbMXdkE4TVqZNvc3NjMn6nbYsW_AH1RrnM |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1NS8MwGA4yQT1N58RvwxA8dWubpG28zsmm2xA2YbeR5E1xiN3Y2ou_3qQfUwTBW-mhLW9o3ifJ84HQrc-U8oPQczwumEOtCabkhDuxZmY5FCgVSatGHo2D_it9mrFZKVbPtTBa65x8ptv2Mj_Lh6XK7FZZx7QqaxhuZtxd0_iZV8i1thNvYNB7qY7zXN4ZdCc9xggNzSrQtzsnng31_pGhkreQxzoaVy8vmCPv7SyVbfX5y5fx3193iJrfaj38su1DR2hHJw20VzHaG6heJTfg8kc-RpMtB-5tscIWcGabe9wapHcb3K1I5hpauOQU6bUzKYPucG6OnOKHIsp-gxeJee46-2ii6WNv2u07ZbyCs-AkdQSPNVApwIMIFBikJzmnwCi4kpiOxV3JQyI8X8aRoIQCV66OTYnBi4GGkpygWrJM9CnCyuUuuDEhwHwqXBAcQIQWPgKoII7OUNOWa74qDDTmVaXO_7h_g_b709FwPhyMny_QgR0-e4DjB5eolq4zfWVwQCqv89H_AsTQsbw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%2F+International+Conference+on+Software+Engineering&rft.atitle=Relationship+Status%3A+%22It%27s+Complicated%22+Developer-Security+Expert+Dynamics+in+Scrum&rft.au=Naji%2C+Houda&rft.au=Gutfleisch%2C+Marco&rft.au=Naiakshina%2C+Alena&rft.date=2025-04-26&rft.pub=IEEE&rft.eissn=1558-1225&rft.spage=2049&rft.epage=2061&rft_id=info:doi/10.1109%2FICSE55347.2025.00120&rft.externalDocID=11029892 |