Fitting security into agile software development

Kalle Rindell; Sami Hyrynsalmi; Ville Leppänen

doi:10.4018/IJSSSP.2018010103

Fitting security into agile software development

Kalle Rindell
, Sami Hyrynsalmi
, Ville Leppänen

Tutkimustuotos: Artikkeli › Tieteellinen › vertaisarvioitu

Abstrakti

Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

Alkuperäiskieli	Englanti
Artikkeli	3
Sivut	47-70
Sivumäärä	24
Julkaisu	International Journal of Systems and Software Security and Protection
Vuosikerta	9
Numero	1
DOI - pysyväislinkit	https://doi.org/10.4018/IJSSSP.2018010103
Tila	Julkaistu - 13 jouluk. 2018
OKM-julkaisutyyppi	A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä

Julkaisufoorumi-taso

Jufo-taso 1

Pääsy asiakirjaan

10.4018/IJSSSP.2018010103

Siteeraa tätä

@article{1fa29610aab649f198f5a5b65a08cc0c,

title = "Fitting security into agile software development",

abstract = "Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.",

author = "Kalle Rindell and Sami Hyrynsalmi and Ville Lepp{\"a}nen",

note = "jufoid=82187",

year = "2018",

month = dec,

day = "13",

doi = "10.4018/IJSSSP.2018010103",

language = "English",

volume = "9",

pages = "47--70",

journal = "International Journal of Systems and Software Security and Protection",

issn = "2640-4265",

publisher = "IGI Global",

number = "1",

}

TY - JOUR

T1 - Fitting security into agile software development

AU - Rindell, Kalle

AU - Hyrynsalmi, Sami

AU - Leppänen, Ville

N1 - jufoid=82187

PY - 2018/12/13

Y1 - 2018/12/13

N2 - Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

AB - Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

U2 - 10.4018/IJSSSP.2018010103

DO - 10.4018/IJSSSP.2018010103

M3 - Article

SN - 2640-4265

VL - 9

SP - 47

EP - 70

JO - International Journal of Systems and Software Security and Protection

JF - International Journal of Systems and Software Security and Protection

IS - 1

M1 - 3

ER -

Fitting security into agile software development

Abstrakti

Julkaisufoorumi-taso

Pääsy asiakirjaan

Sormenjälki

Siteeraa tätä