Mag. Alejandra Selva Mora

Mag. Alejandra Selva Mora

Es estudiante: 
No
Programa en que estudia: 

Proyectos

Publicaciones

A BizDevOps-Aligned Framework for Integrating Security Practices in Agile Software Development

Descripción:

Agile software development methodologies are well suited to address business needs and be adaptable. However, security considerations are also essential, creating a need to integrate security practices to address critical risks and vulnerabilities. This research proposes a systematic approach to integrate security practices within agile software development environments, ensuring security requirements align with business needs. The study will develop a BizDevOps-aligned framework for integrating security practices in agile environments, including metrics to assess the effectiveness of these practices. A management model will also be created to manage the security practices and support continuous improvement based on observed outcomes.

Tipo de publicación: Conference Paper

Publicado en: 2025 IEEE/ACM 47th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)

Desarrollo Seguro de Software en BizDevOps: Incorporación Temprana de Metas y Controles

Descripción:

La adopción de enfoques de desarrollo de software en entornos BizDevOps pretende alinear el desarrollo de software con los objetivos empresariales, mejorando la velocidad de entrega. Sin embargo, este alineamiento plantea desafíos en ciberseguridad, puesto que no siempre se asegura la incorporación temprana de estrategias de seguridad. Este artículo propone, a partir de un análisis sistemático del estado del arte y del estado de la práctica en marcos de seguridad y BizDevOps, la incorporación de una nueva fase en el ciclo de negocio (Biz) de BizDevOps, enfocada en definir y asegurar el software desde las primeras etapas de desarrollo. El proceso planteado busca considerar sistemáticamente los objetivos de seguridad empresarial, identificando la deuda de seguridad acumulada para poder pagarla en forma oportuna. Este trabajo forma parte de una investigación en progreso que explorará actividades adicionales para fortalecer el diseño seguro de software

Tipo de publicación: Conference Paper

Publicado en: XIX Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2026)

Security Practices in Agile Development: An Industry Survey on Adoption, Perceived Impact, and Measurement in DevOps

Descripción:

This paper presents an empirical survey study (N=24) examining the integration of security practices into agile and continuous development processes. The findings reveal that while the most adopted practices include Standards and Requirements (71%), Code Review (67%), and Compliance and Policy (63%), their implementation remains predominantly non-systematic. Despite moderate to high perceived impact, significant gaps exist between recognition and effective adoption, compounded by low security expert participation (37%) and a notable scarcity of metrics. The findings provide exploratory evidence on the current state of practice and key priorities for organizations looking to strengthen security integration while maintaining agility in their development processes.

Tipo de publicación: Conference Paper

Publicado en: Anais do XXIX Congresso Ibero-Americano em Engenharia de Software (CIbSE 2026)