Aligning Security Objectives With Agile Software Development

Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

11 Citations (Scopus)
59 Downloads (Pure)

Abstract

Success of the software development process is defined by its ability to transform the business objectives into requirements, and these further into features and functionality. In addition to business objectives, software development also has security objectives requiring security engineering activities. In contrast to the iterative and incremental software development process, software security engineering is defined by sequential life cycle models: security and business objectives are thus implemented using conflicting approaches. To identify the incompatibilities between the methodologies, in this study the security engineering activities are mapped into common agile software development practices, processes and artifacts. Security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security development lifecycle models are mapped into common agile processes, practices and artifacts. The organizational and technical aspects of the mapping are considered primarily from the point of view of achieving the security objectives set for the software engineering process: setting security requirements for design, their implementation and verification, and releasing secure software through an efficient software security development process.
Original language: English
Title of host publication: Proceedings of the 19th International Conference on Agile Software Development: Companion
Publisher: ACM
Pages: 1-9
Number of pages: 8
ISBN (Print): 978-1-4503-6422-5
Publication status: Published - 25 May 2018
Publication type: A4 Article in conference proceedings
Event: International Workshop on Secure Software Engineering in DevOps and Agile Development - Porto, Portugal
Duration: 25 May 2018 → …
Conference number: 9
http://www.secse.eu/

Workshop

Workshop: International Workshop on Secure Software Engineering in DevOps and Agile Development
Abbreviated title: SecSE 2018
Country/Territory: Portugal
City: Porto
Period: 25/05/18 → …

Publication forum classification

  • Publication forum level 1
