Tampere University of Technology

TUTCRIS Research Portal

Security Assurance in Agile Software Development Methods: An Analysis of Scrum, XP and Kanban

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review

Details

Original languageEnglish
Title of host publicationExploring Security in Software Architecture and Design
PublisherIGI Global
Chapter3
Pages47-68
ISBN (Print)9781522563136
DOIs
Publication statusPublished - Jan 2019
Publication typeA3 Part of a book or another research book

Abstract

Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in defining, implementing, and verifying the security properties of software. In addition, agile methods have also been criticized for decreased quality of documentation, resulting in decreased security assurance necessary for regulative purposes and security measurement. As a consequence, lack of security assurance can complicate security incident management, thus increasing the software's potential lifetime cost. This chapter clarifies the requirements for software security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum, and Kanban. The results show that the agile methods are not inherently incompatible with security engineering requirements.

Publication forum classification

Field of science, Statistics Finland