Tampere University of Technology

TUTCRIS Research Portal

Fitting security into agile software development

Research output: Contribution to journalArticleScientificpeer-review


Original languageEnglish
Article number3
Pages (from-to)47-70
Number of pages24
JournalInternational Journal of Systems and Software Security and Protection
Issue number1
Publication statusPublished - 13 Dec 2018
Publication typeA1 Journal article-refereed


Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

Publication forum classification

Field of science, Statistics Finland