A4 Refereed article in a conference publication

Aligning Security Objectives With Agile Software Development
Authors: Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen

Editors: Martin Gilje Jaatun, Daniela Soares Cruzes

Conference name: International Conference on Agile Software Development

Publishing place: New York, NY

Publication year: 2018

Book title: Proceedings of the 19th International Conference on Agile Software Development: Companion

Number of pages: 9

ISBN: 978-1-4503-6422-5

DOI: https://doi.org/10.1145/3234152.3234187

Web address: https://doi.org/10.1145/3234152.3234187


Abstract

The success of a software development process is defined by its ability to
transform business objectives into requirements and requirements
into functionality. Software typically also has security objectives,
which are achieved through security engineering activities. In contrast to the
iterative and incremental software development process, security
engineering is defined by sequential life cycle models. Security
and business objectives are thus implemented using conflicting
approaches. To pinpoint the incompatibilities between the methodologies,
this study maps the security engineering activities onto
common agile software development practices, processes and artifacts.
The security engineering activities are extracted from several
security development life cycle models: Microsoft SDL, the ISO Common
Criteria and OWASP SAMM; the agile activities are taken from an
industry survey. The organizational and technical aspects of the
mapping are considered primarily from the point of view of achieving
the security objectives set for the software engineering process:
setting security requirements for design, implementing and
verifying them, and releasing secure software through an efficient software
security development process.

Last updated on 2024-11-26 at 23:10