论文信息 - Extreme Programming Security Practices

Extreme Programming Security Practices

Current practice suggests that security is considered through all stages of the software development life cycle, and that a risk-based and plan-driven approach is best suited to establish security criteria. Based on experience in applying security practices, this paper proposes two new security practices, security training and a fundamental security architecture, for applying Extreme Programming.

Richard F. Paige | Xiaocheng Ge | Fiona A. C. Polack | Phillip J. Brooke

[1] Martin Fowler,et al. Is design dead , 2001 .

[2] Pankaj Kumar. J2EE Security for Servlets, EJBs, and Web Services: Applying Theory and Standards to Practice , 2003 .

[3] Karen A. Scarfone,et al. Guidelines on Securing Public Web Servers , 2002 .

[4] Richard F. Paige,et al. Security Planning and Refactoring in Extreme Programming , 2006, XP.

[5] Kent L. Beck,et al. Extreme programming explained - embrace change , 1990 .

[6] Richard Baskerville,et al. Integrating Security into Agile Development Methods , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[7] Michele Marchesi,et al. Extreme Programming and Agile Processes in Software Engineering , 2003, Lecture Notes in Computer Science.

[8] Kent Beck,et al. Extreme Programming Explained: Embrace Change (2nd Edition) , 2004 .

[9] Kenneth R. van Wyk,et al. Secure Coding: Principles and Practices , 2003 .

[10] Richard F. Paige,et al. Agile Security Using an Incremental Security Architecture , 2005, XP.

[11] Richard Baskerville. Agile Security For Information Warfare: A Call For Research , 2004, ECIS.

[12] Gary McGraw,et al. Building Secure Software : ソフトウェアセキュリティについて開発者が知っているべきこと , 2006 .

[13] Charles P. Pfleeger,et al. Security in computing , 1988 .