A4 Refereed article in a conference publication

The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projects




AuthorsTøndel I. A., Cruzes D. S., Jaatun M. G., Rindell K.

EditorsN/A

Conference nameInternational Conference on Availability, Reliability and Security

Publishing placeNew York, NY

Publication year2019

Book title ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Number in series59

ISBN978-1-4503-7164-3

DOIhttps://doi.org/10.1145/3339252.3340337(external)

Web address https://dl.acm.org/doi/pdf/10.1145/3339252.3340337(external)


Abstract

To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evidence indicates that in many agile development projects, software security is dealt with in a more or less "accidental" way based on individuals' security awareness and interest. This approach is unlikely to lead to an optimal security level for the product. This paper suggests Security Intention Recap Meetings as a recurring organisational tool for evaluating current practices regarding the security intentions of a software project, and to make decisions on how to move forward. These meetings involve key decision makers in the project, such as the product owner and the project manager, with the purpose of making security decisions visible and deliberate and to monitor their results



Last updated on 2024-26-11 at 15:44