A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projects
Tekijät: Tøndel I. A., Cruzes D. S., Jaatun M. G., Rindell K.
Toimittaja: N/A
Konferenssin vakiintunut nimi: International Conference on Availability, Reliability and Security
Kustannuspaikka: New York, NY
Julkaisuvuosi: 2019
Kokoomateoksen nimi: ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
Numero sarjassa: 59
ISBN: 978-1-4503-7164-3
DOI: https://doi.org/10.1145/3339252.3340337
Verkko-osoite: https://dl.acm.org/doi/pdf/10.1145/3339252.3340337
To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evidence indicates that in many agile development projects, software security is dealt with in a more or less "accidental" way based on individuals' security awareness and interest. This approach is unlikely to lead to an optimal security level for the product. This paper suggests Security Intention Recap Meetings as a recurring organisational tool for evaluating current practices regarding the security intentions of a software project, and to make decisions on how to move forward. These meetings involve key decision makers in the project, such as the product owner and the project manager, with the purpose of making security decisions visible and deliberate and to monitor their results
