
Agile Software Development: The Straight and Narrow Path to Secure Software?

Volume 1, Issue 3. Copyright © 2010. 15 pages.
DOI: 10.4018/jsse.2010070105

MLA

Nicolaysen, Torstein, Richard Sassoon, Maria B. Line and Martin Gilje Jaatun. "Agile Software Development: The Straight and Narrow Path to Secure Software?." IJSSE 1.3 (2010): 71-85. Web. 31 Jul. 2014. doi:10.4018/jsse.2010070105

APA

Nicolaysen, T., Sassoon, R., Line, M. B., & Jaatun, M. G. (2010). Agile Software Development: The Straight and Narrow Path to Secure Software?. International Journal of Secure Software Engineering (IJSSE), 1(3), 71-85. doi:10.4018/jsse.2010070105

Chicago

Nicolaysen, Torstein, Richard Sassoon, Maria B. Line and Martin Gilje Jaatun. "Agile Software Development: The Straight and Narrow Path to Secure Software?," International Journal of Secure Software Engineering (IJSSE) 1 (2010): 3, accessed (July 31, 2014), doi:10.4018/jsse.2010070105

Abstract

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and potential targets of attack. This case study confirms that even in cases where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. The authors contend that security must be built as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. This paper suggests two extensions to agile methodologies that may contribute to ensuring focus on security during the complete lifecycle.
Article Preview

2. Background

Enabling information systems to communicate via open networks such as the Internet will always be associated with elements of risk. (Mavridis, Georgiadis, Pangalos, & Khair, 2001) correctly state that “Security risks cannot be entirely removed when transmitting information over the Internet”. The European Parliamentary Technology Assessment (EPTA) network has made similar considerations and specifically expressed concerns that privacy is challenged by the increase in development of ICT applications for the healthcare sector (EPTA, 2006). Such concerns are also raised by others, such as (Ilioudis & Pangalos, 2001) and (van der Haak et al., 2003).

(Boström, Wäyrynen, Bodén, Beznosov, & Kruchten, 2006) detail an extension to the XP planning game that is intended to establish a balance between the conventional (document-centric and plan-driven) way of doing security engineering and the iteration-centric, feedback-driven XP practices. This is relevant because they try to solve a problem closely related to ours. The main difference is that their approach is specific to the XP methodology and only tries to integrate the security requirements engineering (software security) activity, whereas our approach is more generic for Agile methods and does not focus on just one specific security activity.

(Beznosov & Kruchten, 2004) attempt to find the pain points between agile methods and security assurance, and suggest some means of alleviating them. They group the problems and evaluate how well they match up against activities from security assurance. Like Boström et al.'s approach, they focus on a specific problem and do not seek to solve a more general one.
