A4 Refereed article in a conference publication
Securing Scrum for VAHTI
Authors: Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen
Conference name: Symposium on Programming Languages and Software Tools
Publication year: 2015
Journal: CEUR Workshop Proceedings
Series title: CEUR Workshop Proceedings
Volume: 1525
First page : 236
Last page: 250
Number of pages: 15
ISSN: 1613-0073
Web address : http://ceur-ws.org/Vol-1525/paper-17.pdf
Abstract
Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. Finnish governmental security standard collection, VAHTI, is one of the most extensive example of these standards. This paper presents a selection of methods, tools, techniques and modifications to Scrum software development method to achieve the levels of security compliant with VAHTI instructions for software development. These comprise of security-specific modifications and additions to Scrum roles, modifications to sprints, and inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed to security stories, abuse cases and other security-related tasks. Definition of done regarding the VAHTI requirements on is established and the steps to achieve it are described.
Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. Finnish governmental security standard collection, VAHTI, is one of the most extensive example of these standards. This paper presents a selection of methods, tools, techniques and modifications to Scrum software development method to achieve the levels of security compliant with VAHTI instructions for software development. These comprise of security-specific modifications and additions to Scrum roles, modifications to sprints, and inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed to security stories, abuse cases and other security-related tasks. Definition of done regarding the VAHTI requirements on is established and the steps to achieve it are described.
UTU Research Portal