A4 Refereed article in a conference publication
A Comparison of Security Assurance Support of Agile Software Development Methods
Authors: Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen
Editors: Boris Rachev, Angel Smrikarov
Conference name: International Conference on Computer Systems and Technologies
Publication year: 2015
Book title : Proceedings of International Conference on Computer Systems and Technologies - CompSysTech’15
Series title: The ACM International Conference Proceedings Series
Volume: 1008
First page : 61
Last page: 68
Number of pages: 8
ISBN: 978-1-4503-3357-3
DOI: https://doi.org/10.1145/2812428.2812431
Agile methods increase the speed and reduce the cost of software projects; however, they have been criticized for lack of documentation, traditional quality control, and, most importantly, lack of security assurance - mostly due to their informal and self-organizing approach to software development. This paper clarifies the requirements for security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum and Kanban, combined with Microsoft SDL security framework, against Finland’s established national security regulation (Vahti). We also analyze the selected methods based on their role definitions, and provide some avenues for future research
