A4 Refereed article in a conference publication
Aligning Security Objectives With Agile Software Development
Authors: Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen
Editors: Martin Gilje Jaatun, Daniela Soares Cruzes
Conference name: International Conference on Agile Software Development
Publishing place: New York, NY
Publication year: 2018
Book title: Proceedings of the 19th International Conference on Agile Software Development: Companion
Number of pages: 9
ISBN: 978-1-4503-6422-5
DOI: https://doi.org/10.1145/3234152.3234187
Web address: https://doi.org/10.1145/3234152.3234187
The success of a software development process is defined by its ability to
transform business objectives into requirements and requirements
into functionality. Software typically also has security objectives,
which are achieved through security engineering activities. In contrast to the
iterative and incremental software development process, security
engineering is defined by sequential life cycle models. Security
and business objectives are thus implemented using conflicting
approaches. To pinpoint the incompatibilities between the methodologies,
this study maps security engineering activities onto
common agile software development practices, processes and artifacts.
The security engineering activities are extracted from several
security development life cycle models: Microsoft SDL, the ISO Common
Criteria and OWASP SAMM; the agile activities are taken from an
industry survey. The organizational and technical aspects of the
mapping are considered primarily from the point of view of achieving
the security objectives set for the software engineering process:
setting security requirements for design, their implementation and
verification, and releasing secure software through an efficient software
security development process.