Tampere University of Technology

TUTCRIS Research Portal

Aligning Security Objectives With Agile Software Development

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

Details

Original language: English
Title of host publication: Proceedings of the 19th International Conference on Agile Software Development: Companion
Publisher: ACM
Pages: 1-9
Number of pages: 8
ISBN (Print): 978-1-4503-6422-5
Publication status: Published - 25 May 2018
Publication type: A4 Article in a conference publication
Event: International Workshop on Secure Software Engineering in DevOps and Agile Development - Porto, Portugal
Duration: 25 May 2018 → …
Conference number: 9
http://www.secse.eu/

Workshop

Workshop: International Workshop on Secure Software Engineering in DevOps and Agile Development
Abbreviated title: SecSE 2018
Country: Portugal
City: Porto
Period: 25/05/18 → …

Abstract

Success of the software development process is defined by its ability to transform the business objectives into requirements, and these further into features and functionality. In addition to business objectives, software development also has security objectives requiring security engineering activities. In contrast to the iterative and incremental software development process, software security engineering is defined by sequential life cycle models: security and business objectives are thus implemented using conflicting approaches. To identify the incompatibilities between the methodologies, in this study the security engineering activities are mapped into common agile software development practices, processes and artifacts. Security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security development lifecycle models are mapped into common agile processes, practices and artifacts. The organizational and technical aspects of the mapping are considered primarily from the point of view of achieving the security objectives set for the software engineering process: setting security requirements for design, their implementation and verification, and releasing secure software through an efficient software security development process.
