Tampere University of Technology

TUTCRIS Research Portal

Security Assurance in Agile Software Development Methods: An Analysis of Scrum, XP and Kanban

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review


Original languageEnglish
Title of host publicationExploring Security in Software Architecture and Design
PublisherIGI Global
ISBN (Print)9781522563136
Publication statusPublished - Jan 2019
Publication typeA3 Part of a book or another research book


Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in defining, implementing, and verifying the security properties of software. In addition, agile methods have also been criticized for decreased quality of documentation, resulting in decreased security assurance necessary for regulative purposes and security measurement. As a consequence, lack of security assurance can complicate security incident management, thus increasing the software's potential lifetime cost. This chapter clarifies the requirements for software security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum, and Kanban. The results show that the agile methods are not inherently incompatible with security engineering requirements.

Publication forum classification

Field of science, Statistics Finland