Securing scrum for VAHTI

Kalle Rindell, Sami Hyrynsalmi, Ville Leppänen

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

    3 Citations (Scopus)

    Abstract

    Software security is a combination of security methods, techniques and tools, aiming to promote data confidentiality, integrity, usability, availability and privacy. In order to achieve concrete and measurable levels of software security, several international, national and industry-level regulations have been established. The Finnish governmental security standard collection, VAHTI, is one of the most extensive examples of these standards. This paper presents a selection of methods, tools, techniques and modifications to the Scrum software development method to achieve the levels of security compliant with VAHTI instructions for software development. These comprise security-specific modifications and additions to Scrum roles, modifications to sprints, and inclusion of special hardening sprints and spikes to implement the security items in the product backlog. Security requirements are transformed to security stories, abuse cases and other security-related tasks. Definition of done regarding the VAHTI requirements is established and the steps to achieve it are described.

    Original language: English
    Title of host publication: 14th Symposium on Programming Languages and Software Tools
    Place of Publication: Tampere, Finland
    Pages: 236-250
    Number of pages: 15
    Publication status: Published - 2015
    Publication type: A4 Article in conference proceedings

    Publication series

    Name: CEUR Workshop Proceedings
    Volume: 1525
    ISSN (Print): 1613-0073

    Keywords

    • Agile
    • Scrum
    • Security standards
    • Software security
    • VAHTI

    ASJC Scopus subject areas

    • Computer Science(all)
