Abstract
We compare four high-profile waterfall security-engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) against the preconditions that agile processes can actually offer. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. These activities are compared, and a specific security-engineering process is suggested for an agile setting, one that provides high benefit at low integration cost.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Ayalew, T., Kidane, T., Carlsson, B. (2013). Identification and Evaluation of Security Activities in Agile Projects. In: Riis Nielson, H., Gollmann, D. (eds) Secure IT Systems. NordSec 2013. Lecture Notes in Computer Science, vol 8208. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41488-6_10
DOI: https://doi.org/10.1007/978-3-642-41488-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41487-9
Online ISBN: 978-3-642-41488-6
eBook Packages: Computer Science; Computer Science (R0)