Busting a myth: Review of agile security engineering methods

List of Authors: Rindell K., Hyrynsalmi S., Leppänen V.
Publisher: Association for Computing Machinery
Publication year: 2017
Book title: ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
Journal name in source: ACM International Conference Proceeding Series
Title of series: ACM International Conference Proceeding Series
ISBN: 978-1-4503-5257-4


Engineering methods are essential in software development, and form a crucial element in the design and implementation of software security. Security engineering processes and activities have a long and well-standardized history of integration with software development methods. The inception of iterative and incremental software development methods raised suspicions of an inherent incompatibility between the traditional, non-agile security processes and the new agile methods. This suspicion still affects attitudes towards agile security. To examine and explore this myth, this study presents a literature review of a selected set of agile secure software development methods. A systematic literature review method was used to find the definitive set of secure agile software development methods, of which a core set of 11 papers was selected for analysis, and the security activities documented in those methods were extracted. The results show a wide and well-documented adaptation of security activities in agile software development, with the observed activities covering the whole security development life cycle. Based on the analysis, the inherent insecurity of agile software development methods can be declared a mere myth.