论文信息 - Integrating software development security activities with agile methodologies

Integrating software development security activities with agile methodologies

Because of several vulnerabilities in software products and high amount of damage caused by them, software developers are enforced to produce more secure systems. Software grows up through its life cycle, so software development methodologies should pay special attention to security aspects of the product. This paper focuses on agile methodologies in order to equip them with security activities. We can restrain reduction of agile nature of organization's current process by means of agility measurement and applying an efficient activity integration algorithm with a tunable parameter named agility reduction tolerance (ART). Using this approach, method engineer of the project can enhance his agile software development process with security features to increase product's trustworthiness.

Seyed-Hassan Mirian-Hosseinabadi | Hossein Keramati | S. Mirian-Hosseinabadi | Hossein Keramati

[1] Jan Jürjens,et al. Developing Secure Systems with UMLsec — From Business Processes to Implementation , 2001 .

[2] Marianne Swanson,et al. Security metrics guide for information technology systems , 2003 .

[3] Timothy Grance,et al. Security Considerations in the Information System Development Life Cycle , 2003 .

[4] Shirley M. Radack,et al. Security Considerations in the Information System Development Life Cycle | NIST , 2003 .

[5] Michael Howard,et al. The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[6] Wouter Joosen,et al. On the Secure Software Development Process: CLASP and SDL Compared , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).

[7] Philippe Kruchten,et al. Towards agile security assurance , 2004, NSPW '04.

[8] M. Angela Sasse,et al. Bringing security home: a process for developing secure and usable systems , 2003, NSPW '03.

[9] Konstantin Beznosov,et al. Extreme Security Engineering: On Employing XP Practices to Achieve , 2003 .