Security Practices in Agile Development: An Industry Survey on Adoption, Perceived Impact, and Measurement in DevOps

Descripción:

This paper presents an empirical survey study (N=24) examining the integration of security practices into agile and continuous development processes. The findings reveal that while the most adopted practices include Standards and Requirements (71%), Code Review (67%), and Compliance and Policy (63%), their implementation remains predominantly non-systematic. Despite moderate to high perceived impact, significant gaps exist between recognition and effective adoption, compounded by low security expert participation (37%) and a notable scarcity of metrics. The findings provide exploratory evidence on the current state of practice and key priorities for organizations looking to strengthen security integration while maintaining agility in their development processes.

Tipo de publicación: Conference Paper

Publicado en: Anais do XXIX Congresso Ibero-Americano em Engenharia de Software (CIbSE 2026)

Autores
  • Selva-Mora, Alejandra
  • Quesada-López, Christian
  • Lara, Adrian
  • Jenkins, Marcelo

Investigadores del CITIC asociados a la publicación
Mag. Alejandra Selva Mora
Dr. Christian Quesada-López
Dr. Adrian Lara Petitdemange
Dr. Marcelo Jenkins Coronas

Proyecto asociado a la publicación
Diseño de un Marco de trabajo para la Gestión de Prácticas de Seguridad en Entornos de Desarrollo Ágil de Software

DOI BIBTEXT

Datos bibliográficos
Cita bibliográfica
Security Practices in Agile Development: An Industry Survey on Adoption, Perceived Impact, and Measurement in DevOps