Quality, security, and privacy assurance in software development: proactive integration or just workflow-slowing checkpoints? - UTU Tutkimustietojärjestelmä

A1 Vertaisarvioitu alkuperäisartikkeli tieteellisessä lehdessä

Quality, security, and privacy assurance in software development: proactive integration or just workflow-slowing checkpoints?

Tekijät: Majanoja, Anne-Maarit; Leppänen, Ville

Julkaisuvuosi: 2026

Lehti: International Journal of Information Systems and Project Management

Vuosikerta: 14

Numero: 1

Aloitussivu: 1

Lopetussivu: 26

ISSN: 2182-7796

eISSN: 2182-7788

DOI: https://doi.org/10.12821/ijispm140102

Julkaisun avoimuus kirjaamishetkellä: Avoimesti saatavilla

Julkaisukanavan avoimuus : Kokonaan avoin julkaisukanava

Verkko-osoite: https://doi.org/10.12821/ijispm140102

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/509031884

Rinnakkaistallenteen lisenssi: muu lisenssi

Rinnakkaistallennetun julkaisun versio: Kustantajan versio

Tiivistelmä

In software development, the integration of assurance methodologies such as quality, security, and privacy practices is essential to producing high-quality, reliable, and compliant products. This paper investigates the adoption and effectiveness of these assurance practices within the daily operations of software development. Through an industry survey of 88 software development professionals in Finland, this study examines the order and consistency with which developers apply assurance practices during projects, and the challenges they face in performing these tasks. The results show that while developers recognize the importance of assurance, many organizations still treat it as a separate, secondary activity rather than a core part of the development lifecycle. Key findings show that quality practices are more consistently integrated into daily operations compared to security and privacy measures, which tend to be reactive. The paper highlights the tension between agile practices, which promote flexibility and continuous improvement, and the more rigid, process-heavy nature of assurance tasks. The study underscores the need for a shift in both industry practices and educational approaches to fully embed assurance into software development.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

majanoja_leppanen_2026.pdf