Implications of regulatory policy for building secure agile software in Nigeria: A grounded theory

Nigeria is ranked second worldwide, after India, in reported incidences of cyberattacks. Attackers usually exploit vulnerabilities software which may not have adequately considered security features during the development process. Agile methods potential to increase productivity and ensure faster delivery software, although they tend neglect non-functional requirements such as security. The implementation government policies, Data Protection Regulation (NDPR) Act 2019, impacts activities carried out by agile teams. Despite its significance, there a paucity research on issues especially Software Development (ASD) domain. To address this gap, grounded theory study was conducted with 15 practitioners Nigeria. Based our analysis interview transcripts, we developed challenges confronting practitioners. four identified were (a) lack collaboration between teams; (b) tendency use foreign hosting companies; (c) poor cybersecurity culture; (d) high cost building secure software. We used these identify gaps within existing ASD found indigenous companies Our also revealed tensions Nigerian regulatory environment developers' compliance. While acknowledged government's efforts, concerns about practicality implementing legislation. recommend action awareness local companies' capabilities, closer Thus, novel contribution article policy adherence (PAC) model.