TUTCRIS - Tampere University of Technology

Aligning Security Objectives With Agile Software Development

Research output: peer-reviewed

Details

Original language: English
Title: Proceedings of the 19th International Conference on Agile Software Development: Companion
Publisher: ACM
Pages: 1-9
Number of pages: 8
ISBN (print): 978-1-4503-6422-5
Status: Published - 25 May 2018
OKM publication type: A4 Article in conference proceedings
Event: International Workshop on Secure Software Engineering in DevOps and Agile Development - Porto, Portugal
Duration: 25 May 2018 → …
Conference number: 9
http://www.secse.eu/

Workshop

Workshop: International Workshop on Secure Software Engineering in DevOps and Agile Development
Abbreviation: SecSE 2018
Country: Portugal
City: Porto
Period: 25/05/18 → …

Abstract

Success of the software development process is defined by its ability to transform the business objectives into requirements, and these further into features and functionality. In addition to business objectives, software development also has security objectives requiring security engineering activities. In contrast to the iterative and incremental software development process, software security engineering is defined by sequential life cycle models: security and business objectives are thus implemented using conflicting approaches. To identify the incompatibilities between the methodologies, in this study the security engineering activities are mapped into common agile software development practises, processes and artifacts. Security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security development lifecycle models are mapped into common agile processes, practises and artifacts. The organizational and technical aspects of the mapping are considered primarily from the point of view of achieving the security objectives set for the software engineering process: setting security requirements for design, their implementation and verification, and releasing secure software through efficient software security development process.