Extending the Agile Development Process to Develop Acceptably Secure Software

BEN OTHMANE, Lotfi; Angin, PELİN; WEFFERS, Harold; BHARGAVA, Bharat

doi:10.1109/tdsc.2014.2298011

Extending the Agile Development Process to Develop Acceptably Secure Software

Atıf İçin Kopyala

BEN OTHMANE L., Angin P., WEFFERS H., BHARGAVA B.

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, cilt.11, sa.6, ss.497-509, 2014 (SCI-Expanded)

Yayın Türü: Makale / Tam Makale
Cilt numarası: 11 Sayı: 6
Basım Tarihi: 2014
Doi Numarası: 10.1109/tdsc.2014.2298011
Dergi Adı: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus
Sayfa Sayıları: ss.497-509
Anahtar Kelimeler: Agile software development, secure software, security assurance cases
Orta Doğu Teknik Üniversitesi Adresli: Hayır

Özet

The agile software development approach makes developing secure software challenging. Existing approaches for extending the agile development process, which enables incremental and iterative software development, fall short of providing a method for efficiently ensuring the security of the software increments produced at the end of each iteration. This article (a) proposes a method for security reassurance of software increments and demonstrates it through a simple case study, (b) integrates security engineering activities into the agile software development process and uses the security reassurance method to ensure producing acceptably secure-by the business owner-software increments at the end of each iteration, and (c) discusses the compliance of the proposed method with the agile values and its ability to produce secure software increments.