Agile risk management for multi-cloud software development

IET Software

Volumn 13, Issue 3, 2019, Pages 172-181

  Muntés Mulero, Victor ^a   Ripolles, Oscar ^a   Gupta, Smrati ^b   Dominiak, Jacek ^a   Willeke, Eric ^b   Matthews, Peter ^a   Somosköi, Balázs ^c  

^a Sterling Software   (United States)

^b iSuppli/stanford Resources   (United States)

^c Deutsche Lufthansa AG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

RISKS; SOFTWARE DESIGN;

AGILE SOFTWARE DEVELOPMENT; CONTINUOUS DEVELOPMENT; DIGITAL TRANSFORMATION; FLIGHT SCHEDULING; HIGH-QUALITY SOFTWARE; RAPID TRANSFORMATIONS; SHORT TERM PLANNING; USER REQUIREMENTS;

RISK MANAGEMENT;

EID: 85067462463     PISSN: 17518806     EISSN: None     Source Type: Journal    
DOI: 10.1049/iet-sen.2018.5295     Document Type: Article

References (49)

1. McKendrick J.: 'Every company now a technology company: latest round of mergers and acquisitions confirms it. '. Available at http://tinyurl.com/j6f7ub5, accessed October 2018
2. Mell P. Grance T.: 'The NIST definition of cloud computing. ', Natl. Inst. Stand. Technol., 2009, 53, (6), p. 50
3. Gartner: 'Gartner reveals top predictions for it organizations and users in 2018 and beyond. '. Available at https://www.gartner.com/newsroom/id/3811367, accessed October 2018, 2017
4. Northbridge: '2016 future of cloud computing study. '. Available at https://www.slideshare.net/North-Bridge/2016-future-of-cloud-computing-study, accessed October 2018, 2016
5. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L119, pp. 1-88, May 2016
6. Yan Z. Zhang P. Vasilakos A.V.: 'A survey on trust management for Internet of things. ', J. Netw. Comput. Appl., 2014, 42, pp. 120-134
7. Omerovic A.: 'Supporting cloud service selection with a risk-driven cost-benefit analysis'. In Celesti A. Leitner P. (Eds.): 'Advances in service-oriented and cloud computing ' (Cham Springer International Publishing, Switzerland, 2016), pp. 166-174
8. Gupta S. Muntes-Mulero V. Matthews P.: 'Risk-driven framework for decision support in cloud service selection. '. 2015 15th IEEE/ACM Int. Symp. Cluster, Cloud and Grid Computing (CCGrid), 2015, pp. 545-554
9. Boehm B. Turner R.: 'Balancing agility and discipline: a guide for the perplexed ' (Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2003)
10. Paetsch F. Eberlein A. Maurer F.: 'Requirements engineering and agile software development. '. 12th IEEE Int. Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, June 2003, pp. 308-313
11. Medeiros J. Vasconcelos A. Goulão M.: 'An approach based on design practices to specify requirements in agile projects. '. In 32nd ACM Symp. Applied Computing (SAC 2017), Marrakesh, Morocco, April 2017
12. Wallmüller E.: 'Business continuity. Chapter risk management for IT and software projects ' (Springer-Verlag, New York, NY, USA, 2002), pp. 165-178
13. Rao L.M. Firdose S.: 'Study of existing risk management models and prior research contribution. ', Adarsh J. Inf. Technol., 2016, 4, (1), pp. 10-20
14. Karabacak B. Sogukpinar I.: 'ISRAM: information security risk analysis method. ', Comput. Secur., 2005, 24, (2), pp. 147-159
15. Alberts C.J. Dorofee A.: 'Managing information security risks: the octave approach ' (Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2002)
16. Lund M.S. Solhaug B. Stølen K.: 'Model-driven risk analysis: the CORAS approach ' (Springer Science & Business Media, Berlin, Germany, 2010)
17. The STRIDE Threat Model. Available at https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx,. accessed 09 May 2017
18. OWASP Foundation: 'Technical report. ', 2013,. accessed online 05 November 2013
19. Howard M. Lipner S.: 'The security development lifecycle ' (Microsoft Press, Redmond, WA, USA, 2006)
20. Pasha M. Qaiser G. Pasha U.: 'A critical analysis of software risk management techniques in large scale systems. ', IEEE Access., 2018, 6, pp. 12412-12424
21. Ramos F. Costa A. Perkusich M.: 'A non-functional requirements recommendation system for scrum-based projects. '. In 30th Int. Conf. Software Engineering & Knowledge Engineering (SEKE), 2018
22. Domah D. Mitropoulos F.J.: 'The NERV methodology: a lightweight process for addressing non-functional requirements in agile software development. '. In SoutheastCon 2015, April 2015, pp. 1-7
23. Farid W.M.: 'The normap methodology: lightweight engineering of non-functional requirements for agile processes. '. In 2012 19th Asia-Pacific Software Engineering Conf., 2012,. vol. 1
24. Moran A.: 'Applying agile risk management ' (Springer International Publishing, Cham, 2014), pp. 61-85
25. Moran A.: 'Agile risk management ' (Springer International Publishing, Berlin, Germany, 2014)
26. Feller J. Fitzgerald B. Hissam S.A. (Eds.): 'Perspectives on free and open source software ' (The MIT Press Ltd., Cambridge, 2005)
27. Michlmayr M. Fitzgerald B. Stol K.J.: 'Why and how should open source projects adopt time-based releases? ', IEEE Softw., 2015, 32, (2), pp. 55-63
28. Ståhl D. Bosch J.: 'Modeling continuous integration practice differences in industry software development. ', J. Syst. Softw., 2014, 87, pp. 48-59
29. Fitzgerald B. Stol K.-J.: 'Continuous software engineering: a roadmap and agenda. ', J. Syst. Softw., 2017, 123, pp. 176-189
30. Ameller D. Farré C. Franch X.: 'Towards continuous software release planning. '. In 2017 IEEE 24th Int. Conf. Software Analysis, Evolution and Reengineering (SANER), February 2017, pp. 402-406
31. Ambler S.: 'When does (n't) agile modeling make sense. ', 2001. Available at http://www.agilemodeling.com/essays/whenDoesAMWork.htm. accessed 06 May 2017
32. Fitzgerald B. Hartnett G. Conboy K.: 'Customising agile methods to software practices at Intel Shannon. ', Eur. J. Inf. Syst., 2006, 15, (2), pp. 200-213
33. Fitzgerald B. Stol K. O'Sullivan R.: 'Scaling agile methods to regulated environments: an industry case study. '. Int. Conf. Software Engineering (ICSE '13), 2013, pp. 863-872
34. Mudumba V. Lee O.K.: 'A new perspective on GDSD risk management: agile risk management. '. 2010 Fifth IEEE Int. Conf. Global Software Engineering, August 2010, pp. 219-227
35. Shrivastava S.V. Rathod U.: 'A risk management framework for distributed agile projects. ', Inf. Softw. Technol., 2017, 85, pp. 1-15
36. Aslam A. Ahmad N. Saba T.: 'Decision support system for risk assessment and management strategies in distributed software development. ', IEEE Access., 2017, 5, pp. 20349-20373
37. Merkow M. Raghavan L.: 'An ecosystem for continuously secure application software. '. RUGGED Software, CrossTalk, March/April 2011
38. Banerjee A.: 'Equivalence of risk: a mathematical approach. '. Proc. 29th Int. System Safety Conf., Las Vegas, NV, 2011, pp. 8-12
39. Baah A.: 'Agile quality assurance ' (Bookbaby, USA, 2017)
40. Morán D. Vaquero L.M. Galán F.: 'Elastically ruling the cloud: specifying application's behavior in federated clouds. '. 2011 IEEE Fourth Int. Conf. Cloud Computing, July 2011, pp. 89-96
41. Zhou D. Zhong L. Wo T.: 'Cloudview: describe and maintain resource view in cloud. '. 2010 IEEE Second Int. Conf. Cloud Computing Technology and Science, November 2010, pp. 151-158
42. Goncalves G. Endo P. Santos M.: 'Cloudml: an integrated language for resource, service and request description for d-clouds. '. 2011 IEEE Third Int. Conf. Cloud Computing Technology and Science, November 2011, pp. 399-406
43. OASIS: 'Topology and orchestration specification for cloud applications (TOSCA). '. Available at https://www.oasis-open.org/committees/tc-home.php?wg-abbrev=tosca, accessed October 2018
44. CAMEL: 'Cloud application modelling and execution language. '. Available at http://camel-dsl.org/, accessed October 2018
45. OWASP Risk Rating Methodology. Available at https://www.owasp.org/index.php/OWASP-Risk-Rating-Methodology, accessed 09 May 2018
46. The OWASP Top 10. Available at https://www.owasp.org/index.php/Category: OWASP-Top-Ten-Project,. accessed 09 May 2018
47. 'Security and privacy controls for federal information systems and organizations NIST special publication 800-53 revision 4. '. Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf, accessed October 2018
48. Cloud Security Alliance: 'Cloud control matrix. '. Available at https://cloudsecurityalliance.org/group/cloud-controls-matrix/, accessed October 2018
49. Rios E. Iturbe E. Arrieta L.O.-E.: 'Towards self-protective multi-cloud applications-MUSA-a holistic framework to support the security-intelligent lifecycle management of multi-cloud applications. '. CLOSER, 2015