TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Fitting security into agile software development

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
Artikkeli3
Sivut47-70
Sivumäärä24
JulkaisuInternational Journal of Systems and Software Security and Protection
Vuosikerta9
Numero1
DOI - pysyväislinkit
TilaJulkaistu - 13 joulukuuta 2018
OKM-julkaisutyyppiA1 Alkuperäisartikkeli

Tiivistelmä

Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

Julkaisufoorumi-taso