Addressing Security Requirements through Onshore Agile Development When Packaging Software in the Distributed Development Domain: An empirical study

Designing software for use by multiple clients has become commonplace in the software sector and has led to many vendors focusing on developing software for a specific sector, marketing the product then modifying it to a customer’s requirements. To fit the software to the client’s needs involves a unique form of teamwork, and it is usually an offshore team that processes the requests and implements the changes to the initial infrastructure. Unfortunately, this contravenes organizations’ information security requirements, due to their multiple structures and infrastructures and their need for privacy as well as swift processing of requests at reasonable cost. This study proposes a hybrid model, the Onshore Agile Security Requirements Development (OASRD) model, which uses Agile to meet the security implications arising from the onshore team working at the client’s site while it processes the customization requirements. It investigates the impact of the model on productivity, measured by the number of security and customization requirements that are processed and the estimated cost in terms of human resources. The evaluation reveals a statistically significant increase in productivity of about 40%, accompanied by a reduction in cost of more than 48% over the entire customization process, demonstrating the advantages of customizing packaged software through distributed development.