Quality, security, and privacy assurance in software development: proactive integration or just workflow-slowing checkpoints? - UTU Research Portal

A1 Refereed original research article in a scientific journal

Quality, security, and privacy assurance in software development: proactive integration or just workflow-slowing checkpoints?

Authors: Majanoja, Anne-Maarit; Leppänen, Ville

Publisher: University of Minho

Publication year: 2026

Journal: International Journal of Information Systems and Project Management

Volume: 14

Issue: 1

First page : 1

Last page: 26

ISSN: 2182-7796

eISSN: 2182-7788

DOI: https://doi.org/10.12821/ijispm140102

Publication's open availability at the time of reporting: Open Access

Publication channel's open availability : Open Access publication channel

Web address : https://doi.org/10.12821/ijispm140102

Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/509031884

Self-archived copy's licence: other license

Self-archived copy's version: Publisher`s PDF

Abstract

In software development, the integration of assurance methodologies such as quality, security, and privacy practices is essential to producing high-quality, reliable, and compliant products. This paper investigates the adoption and effectiveness of these assurance practices within the daily operations of software development. Through an industry survey of 88 software development professionals in Finland, this study examines the order and consistency with which developers apply assurance practices during projects, and the challenges they face in performing these tasks. The results show that while developers recognize the importance of assurance, many organizations still treat it as a separate, secondary activity rather than a core part of the development lifecycle. Key findings show that quality practices are more consistently integrated into daily operations compared to security and privacy measures, which tend to be reactive. The paper highlights the tension between agile practices, which promote flexibility and continuous improvement, and the more rigid, process-heavy nature of assurance tasks. The study underscores the need for a shift in both industry practices and educational approaches to fully embed assurance into software development.

Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

majanoja_leppanen_2026.pdf