论文信息 - Security backlog in Scrum security practices

Security backlog in Scrum security practices

The rapid development of software nowadays requires the high speed software product delivery by development teams. In order to deliver the product faster, the development teams make a transformation to their conventional software development lifecycle to agile development method which can enable them towards speedy delivery of software coping with the requirements-change phenomenon. In this scenario, one of the most popular techniques in Agile development is the Scrum methodology which has been criticised in term of its security aspect cycle that ignores the security risk management activity. However, the current practices suggest that security should be considered during all stages of the software development life cycle. In order to address the aforementioned issue, this paper proposes the integration of security principles in development phases using scrum and suggests the element of security backlog that can be used as security features analysis and implementation in scrum phases.

Imran Ghani | Norafida Ithnin | Zulkarnain Azham

[1] Andrew M. Gravell,et al. Agile security issues: an empirical study , 2010, ESEM '10.

[2] Richard F. Paige,et al. Extreme Programming Security Practices , 2007, XP.

[3] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.

[4] Per Håkon Meland,et al. Security Testing in Agile Web Application Development - A Case Study Using the EAST Methodology , 2010, XP.

[5] Andrew M. Gravell,et al. Agile security issues: a research study , 2010 .

[6] Nancy R. Mead,et al. Software Security Engineering: A Guide for Project Managers , 2004 .

[7] Richard Baskerville,et al. Integrating Security into Agile Development Methods , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[8] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[9] Seyed-Hassan Mirian-Hosseinabadi,et al. Integrating software development security activities with agile methodologies , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.