Privacy- and Usability-Enhancing Software Development Processes for Small and Medium-Sized Enterprises

Abstract

Small and medium-sized enterprises (SMEs) depend on research into methods and development processes for software development in order to build satisfactory applications for their end users. Methods for integrating security, privacy, and usability are a central component of this. As the survey of publications by Bender et al. shows, there are currently no software development processes that are both suitable for SMEs and integrate all three criteria: security, privacy, and usability. This master's thesis aims to counteract this by proposing a privacy- and usability-enhancing software development process for SMEs.

For this purpose, starting from the work of Bender et al., the approaches from the literature are considered in order to identify suitable processes and methods for the integration of the three criteria in the software development process.

To determine the methods and processes actually in use, and possible requirements for a software development process from the point of view of SMEs, software developers from these SMEs are surveyed in interviews. The findings from the literature research and from the interviews with the SME developers are then compiled.

The interviews show that SMEs have special requirements for a software development process only in exceptional cases, but they do have a large diversity of projects. This diversity precludes the meaningful formulation of a generally applicable software development process with concrete methods and techniques, since the choice of suitable methods depends on the projects and their concrete context.

So that SMEs are able to integrate suitable methods into their software development process, 14 principles are formulated as the result of this master's thesis. Companies can use these principles as a guideline for the integration of security, privacy, and usability. The principles are drawn from the methods and recommendations in the literature and from the methods used by SMEs. They are placed in the combined process model, which results from the interviewed participants' descriptions of their software development processes.