Security objectives in software development are increasingly convergent
with the business objectives, as requirements for privacy and the cost
of security incidents call for more dependable software products. The
development of secure software is accomplished by augmenting the
software development process with specific security engineering
activities. Security engineering, in contrast to the iterative and
incremental software development processes, is characterized by
sequential life cycle models: the security objectives are thus to be
achieved by conflicting approaches. In this study, to identify the
incompatibilities between the approaches, the security engineering
activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM
security engineering models are mapped into common agile software
development processes, practices and artifacts.