A Novel Lightweight Solo Software Development Methodology With Optimum Security Practices

The diffusion of software into all areas of life and all forms of business increases the demand for high-quality and secure software products. Software development methodologies are designed to improve the quality of software by incorporating practices that promote quality in the developed software. Software security is an important facet of software quality, particularly in this era, where most software is deployed for use over the Internet. Most research on developing high-quality and secure software focuses on teams at the expense of individual developers. To fill this gap, in this paper we propose an agile secure-software development methodology. We design a methodology that promotes quality and security in the software products of solo developers. We integrate quality practices with lightweight security practices to produce agile secure software development practices. We draw quality practices from a solo software development framework designed in our previous study, while security practices are drawn from existing lightweight methodologies. We adapt Keramati and Mirian-Hosseinabadi’s algorithm to integrate the two sets of practices, taking care to maintain an optimum degree of agility in the target methodology. We evaluate the utility of the resultant methodology through a case study. Results from the case study show that our proposed methodology can be used to build quality and secure software products without compromising the agility of the methodology.

[1] Andreas L. Opdahl, et al. Eliciting security requirements with misuse cases, 2004, Requirements Engineering.

[2] Daniela Quiñones Otey. A methodology to develop usability / user experience heuristics, 2017, Interacción.

[3] Brian Henderson-Sellers, et al. Crystallization of agility back to basics, 2006, ICSOFT.

[4] Iva Krasteva, et al. Personal Extreme Programming – An Agile Process for Autonomous Developers, 2009.

[5] Samir Chatterjee, et al. A Design Science Research Methodology for Information Systems Research, 2008.

[6] Ernest Mnkandla, et al. A Metasynthesis of Solo Software Development Methodologies, 2019, 2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC).

[7] Imran Ghani, et al. Integrating Software Security into Agile-Scrum Method, 2014, KSII Trans. Internet Inf. Syst.

[8] Hema Banati, et al. FISA-XP: an agile-based integration of security activities with extreme programming, 2014, SOEN.

[9] Juan Antonio Morente-Molinera, et al. DeSoftIn: A methodological proposal for individual software development, 2017.

[10] Asif Qumer Gill, et al. Measuring agility and adaptibility of agile methods: A 4 dimensional analytical tool, 2006.

[11] Daniela Cruzes, et al. How is Security Testing Done in Agile Teams? A Cross-Case Analysis of Four Software Teams, 2017, XP.

[12] Brahim Hamid, et al. Engineering secure systems: Models, patterns and empirical validation, 2018, Comput. Secur.

[13] Sakgasit Ramingwong, et al. Solo Scrum in Bureaucratic Organization: A Case Study from Thailand, 2018.

[14] Ravikant Agarwal, et al. Extreme programming for a single person team, 2008, ACM-SE 46.

[15] Hamid Reza Shahriari, et al. Athena: A framework to automatically generate security test oracle via extracting policies from source code and intended software behaviour, 2019, Inf. Softw. Technol.

[16] Bill Chu, et al. Supporting secure programming in web applications through interactive static analysis, 2013, Journal of advanced research.

[17] Francisco J. García-Peñalvo, et al. Faat: freelance as a team, 2015, TEEM '15.

[18] Ville Leppänen, et al. Busting a Myth: Review of Agile Security Engineering Methods, 2017, ARES.

[19] Philippe Kruchten, et al. Towards agile security assurance, 2004, NSPW '04.

[20] Paula Kotzé, et al. Design Science Research as Research Approach in Doctoral Studies, 2015, AMCIS.

[21] Roel Wieringa, et al. Design Science Methodology for Information Systems and Software Engineering, 2014, Springer Berlin Heidelberg.

[22] A. Singhal, et al. Integration Analysis of Security Activities from the Perspective of Agility, 2012, 2012 Agile India.

[23] Ansar Abbas, et al. Systematic Review of Web Application Security Vulnerabilities Detection Methods, 2015.

[24] Seyed-Hassan Mirian-Hosseinabadi, et al. Integrating software development security activities with agile methodologies, 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[25] D. Strode, et al. Methodology in Software Development Capstone Projects, 2007.

[26] Munindar P. Singh, et al. Toward effective adoption of secure software development practices, 2018, Simul. Model. Pract. Theory.

[27] Asif Gill, et al. An evaluation of the degree of agility in six agile methods and its applicability for method engineering, 2008, Inf. Softw. Technol.

[28] Nalin Asanka Gamagedara Arachchilage, et al. Why Johnny can't develop a secure application? A usability analysis of Java Secure Socket Extension API, 2019, Comput. Secur.

[29] Imran Ghani, et al. Secure Feature Driven Development (SFDD) Model for Secure Software Development, 2014.

[30] Bharat K. Bhargava, et al. Extending the Agile Development Process to Develop Acceptably Secure Software, 2014, IEEE Transactions on Dependable and Secure Computing.