Abstract
Success of the software development process is defined by its ability to transform business objectives into requirements, and these further into features and functionality. In addition to business objectives, software development also has security objectives that require security engineering activities. In contrast to the iterative and incremental software development process, software security engineering is defined by sequential life cycle models: security and business objectives are thus implemented using conflicting approaches. To identify the incompatibilities between the methodologies, this study maps the security engineering activities of the Microsoft SDL, the ISO Common Criteria and OWASP SAMM security development lifecycle models into common agile software development processes, practices and artifacts. The organizational and technical aspects of the mapping are considered primarily from the point of view of achieving the security objectives set for the software engineering process: setting security requirements for design, implementing and verifying them, and releasing secure software through an efficient software security development process.
Original language | English
---|---
Title of host publication | Proceedings of the 19th International Conference on Agile Software Development: Companion
Publisher | ACM
Pages | 1-9
Number of pages | 8
ISBN (Print) | 978-1-4503-6422-5
DOIs | 
Publication status | Published - 25 May 2018
Publication type | A4 Article in conference proceedings
Event | International Workshop on Secure Software Engineering in DevOps and Agile Development, Porto, Portugal; duration: 25 May 2018 → …; conference number: 9; http://www.secse.eu/
Workshop
Workshop | International Workshop on Secure Software Engineering in DevOps and Agile Development
---|---
Abbreviated title | SecSE 2018
Country/Territory | Portugal
City | Porto
Period | 25/05/18 → …
Internet address | 
Publication forum classification
- Publication forum level 1