Fitting security into agile software development
Research output: Contribution to journal › Article › Scientific › peer-review
|Number of pages||24|
|Journal||International Journal of Systems and Software Security and Protection|
|Publication status||Published - 13 Dec 2018|
|Publication type||A1 Journal article-refereed|
Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.