TY - GEN
T1 - Securing scrum for VAHTI
AU - Rindell, Kalle
AU - Hyrynsalmi, Sami
AU - Leppänen, Ville
PY - 2015
Y1 - 2015
N2 - Software security is a combination of security methods, techniques and tools aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. The Finnish governmental security standard collection, VAHTI, is one of the most extensive examples of these standards. This paper presents a selection of methods, tools, techniques and modifications to the Scrum software development method to achieve levels of security compliant with the VAHTI instructions for software development. These comprise security-specific modifications and additions to Scrum roles, modifications to sprints, and the inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed into security stories, abuse cases and other security-related tasks. A definition of done regarding the VAHTI requirements is established and the steps to achieve it are described.
AB - Software security is a combination of security methods, techniques and tools aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. The Finnish governmental security standard collection, VAHTI, is one of the most extensive examples of these standards. This paper presents a selection of methods, tools, techniques and modifications to the Scrum software development method to achieve levels of security compliant with the VAHTI instructions for software development. These comprise security-specific modifications and additions to Scrum roles, modifications to sprints, and the inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed into security stories, abuse cases and other security-related tasks. A definition of done regarding the VAHTI requirements is established and the steps to achieve it are described.
KW - Agile
KW - Scrum
KW - Security standards
KW - Software security
KW - VAHTI
UR - http://www.scopus.com/inward/record.url?scp=84962566408&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84962566408
T3 - CEUR Workshop Proceedings
SP - 236
EP - 250
BT - 14th Symposium on Programming Languages and Software Tools
CY - Tampere, Finland
ER -