A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
Securing Scrum for VAHTI
Tekijät: Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen
Konferenssin vakiintunut nimi: Symposium on Programming Languages and Software Tools
Julkaisuvuosi: 2015
Journal: CEUR Workshop Proceedings
Sarjan nimi: CEUR Workshop Proceedings
Vuosikerta: 1525
Aloitussivu: 236
Lopetussivu: 250
Sivujen määrä: 15
ISSN: 1613-0073
Verkko-osoite: http://ceur-ws.org/Vol-1525/paper-17.pdf
Tiivistelmä
Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. Finnish governmental security standard collection, VAHTI, is one of the most extensive example of these standards. This paper presents a selection of methods, tools, techniques and modifications to Scrum software development method to achieve the levels of security compliant with VAHTI instructions for software development. These comprise of security-specific modifications and additions to Scrum roles, modifications to sprints, and inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed to security stories, abuse cases and other security-related tasks. Definition of done regarding the VAHTI requirements on is established and the steps to achieve it are described.
Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. Finnish governmental security standard collection, VAHTI, is one of the most extensive example of these standards. This paper presents a selection of methods, tools, techniques and modifications to Scrum software development method to achieve the levels of security compliant with VAHTI instructions for software development. These comprise of security-specific modifications and additions to Scrum roles, modifications to sprints, and inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed to security stories, abuse cases and other security-related tasks. Definition of done regarding the VAHTI requirements on is established and the steps to achieve it are described.
Turun yliopiston Tutkimustietojärjestelmän portaali