Fitting security into agile software development

Kalle Rindell; Sami Hyrynsalmi; Ville Leppänen

doi:10.4018/IJSSSP.2018010103

Fitting security into agile software development

Kalle Rindell
, Sami Hyrynsalmi
, Ville Leppänen

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

Original language	English
Article number	3
Pages (from-to)	47-70
Number of pages	24
Journal	International Journal of Systems and Software Security and Protection
Volume	9
Issue number	1
DOIs	https://doi.org/10.4018/IJSSSP.2018010103
Publication status	Published - 13 Dec 2018
Publication type	A1 Journal article-refereed

Publication forum classification

Publication forum level 1

Access to Document

10.4018/IJSSSP.2018010103

Cite this

@article{1fa29610aab649f198f5a5b65a08cc0c,

title = "Fitting security into agile software development",

abstract = "Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.",

author = "Kalle Rindell and Sami Hyrynsalmi and Ville Lepp{\"a}nen",

note = "jufoid=82187",

year = "2018",

month = dec,

day = "13",

doi = "10.4018/IJSSSP.2018010103",

language = "English",

volume = "9",

pages = "47--70",

journal = "International Journal of Systems and Software Security and Protection",

issn = "2640-4265",

publisher = "IGI Global",

number = "1",

}

TY - JOUR

T1 - Fitting security into agile software development

AU - Rindell, Kalle

AU - Hyrynsalmi, Sami

AU - Leppänen, Ville

N1 - jufoid=82187

PY - 2018/12/13

Y1 - 2018/12/13

N2 - Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

AB - Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

U2 - 10.4018/IJSSSP.2018010103

DO - 10.4018/IJSSSP.2018010103

M3 - Article

SN - 2640-4265

VL - 9

SP - 47

EP - 70

JO - International Journal of Systems and Software Security and Protection

JF - International Journal of Systems and Software Security and Protection

IS - 1

M1 - 3

ER -

Fitting security into agile software development

Abstract

Publication forum classification

Access to Document

Fingerprint

Cite this