Tampere University of Technology

TUTCRIS Research Portal

A comparison of security assurance support of agile software development methods

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

Details

Original language: English
Title of host publication: Computer Systems and Technologies - 16th International Conference, CompSysTech 2015: Proceedings
Publisher: Association for Computing Machinery
Pages: 61-68
Number of pages: 8
Volume: 1008
ISBN (Electronic): 9781450333573
DOIs
Publication status: Published - 25 Jun 2015
Publication type: A4 Article in a conference publication
Event: 16th International Conference on Computer Systems and Technologies, CompSysTech 2015 - Dublin, Ireland
Duration: 25 Jun 2015 - 26 Jun 2015

Conference

Conference: 16th International Conference on Computer Systems and Technologies, CompSysTech 2015
Country: Ireland
City: Dublin
Period: 25/06/15 - 26/06/15

Abstract

Agile methods increase the speed and reduce the cost of software projects; however, they have been criticized for lack of documentation, traditional quality control, and, most importantly, lack of security assurance - mostly due to their informal and self-organizing approach to software development. This paper clarifies the requirements for security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum and Kanban, combined with Microsoft SDL security framework, against Finland's established national security regulation (Vahti). We also analyze the selected methods based on their role definitions, and provide some avenues for future research.

Keywords

  • DESMET, Kanban, Scrum, SDL, Secure agile development, Security assurance, Vahti, XP