
Identification and Evaluation of Security Activities in Agile Projects

Conference paper, Secure IT Systems (NordSec 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8208)

Abstract

We compare four high-profile waterfall security engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) with the preconditions available within agile processes. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. Those activities are compared, and a specific security engineering process is suggested for an agile process setting that can provide high benefit at low integration cost.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Ayalew, T., Kidane, T., Carlsson, B. (2013). Identification and Evaluation of Security Activities in Agile Projects. In: Riis Nielson, H., Gollmann, D. (eds) Secure IT Systems. NordSec 2013. Lecture Notes in Computer Science, vol 8208. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41488-6_10

  • DOI: https://doi.org/10.1007/978-3-642-41488-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41487-9

  • Online ISBN: 978-3-642-41488-6

  • eBook Packages: Computer Science (R0)