Top

Published in:

2020 | OriginalPaper | Chapter

Adapting Agile Practices to Security Context – Practitioners’ Perspective

Authors : Katarzyna Łukasiewicz, Sara Cygańska

Published in: Advances in Agile and User-Centred Software Engineering

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper we explore the problem of introducing agile practices to projects dealing with systems with high security requirements. We also propose an approach based on AgileSafe method and OWASP ASVS guidelines, that could support such introduction. What is more, we present the results of two surveys aimed at analyzing IT practitioners’ views on applying agile methods to security reliant systems as well as evaluating the set of agile security-oriented practices which are a part of the proposed approach. This paper is an extended version of the paper “Security-oriented agile approach with AgileSafe and OWASP ASVS” that was published as a part of LASD 2019 conference proceedings [36].

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Identification of the Agile Mindset and Its Comparison to the Competencies of Selected Agile Roles

next chapter Quantitative Analysis of the Scrum Framework

VersionOne® Releases 11th Annual State of Agile Report (2017). https://www.versionone.com/about/press-releases/versionone-releases-11th-annual-state-of-agile-report/

Schwaber, K., Beedle, M.: Agile Software Development with Scrum. Prentice Hall, Upper Saddle River (2002)MATH

Beck, K., Andres, C.: Extreme Programming Explained. Addison-Wesley Professional, Boston (2004)

Anderson, D.: Kanban. Blue Hole Press, Sequim (2010)

Komolo, C., Gomez, M.: Incorporating security best practices into agile teams (2016). https://www.thoughtworks.com/insights/blog/incorporating-security-best-practices-agile-teams

Manico, J.: OWASP Application Security Verification Standard (2015)

Łukasiewicz, K., Górski, J.: AgileSafe – a method of introducing agile practices into safety-critical software development processes. In: Proceedings of the Federated Conference on Computer Science, vol. 8, pp. 1549–1552 (2016)

Agile Manifesto, Manifesto for Agile Software Development (2001). http://agilemanifesto.org

Drobka, J., Noftz, D., Raghu, R.: Piloting XP on four mission-critical projects. IEEE Softw. 21(6), 70–75 (2004)CrossRef

10.

Lindvall, M., et al.: Agile software development in large organizations. Computer 37(12), 26–34 (2004)CrossRef

11.

Knaster, R., Leffingwell, D.: SAFe Distilled: Applying the Scaled Agile Framework for Lean Software and Systems Engineering. Addison-Wesley Professional, New York (2017)

12.

Kim, G., Willis, J., Debois, P., Humble, J., Allspaw, J.: The DevOps Handbook. Trade Select (2016)

13.

International Organization for Standardization. About ISO - ISO. http://www.iso.org/iso/home/about.htm

14.

ISO/IEC, ISO/IEC 15408-1:2009(en) (2009). https://www.iso.org/obp/ui/#iso:std:iso-iec:15408:-1:ed-3:v2:en

15.

ISO/IEC, ISO/IEC 27032:2012 (2012)

16.

National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity (2014)

17.

OWASP. https://www.owasp.org/index.php/Main_Page

18.

OWASP users. https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#tab=ASVS_Users

19.

World’s Biggest Data Breaches & Hacks (2019). https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

20.

Mougouei, J.D., Fazlida, N., Sani, M., Almasi, M.M.: S-Scrum: a secure methodology for agile development of web services. World Comput. Sci. Inf. Technol. J. (WCSIT) 3(1), 15–19 (2013)

21.

Łukasiewicz, K.: Method of selecting programming practices for the safety-critical software development projects. Ph.D. dissertation, Department of Software Engineering, Gdańsk University of Technology, Gdańsk, Poland (2019)

22.

Górski, J., Jarzębowicz, J., Leszczyna, R., Miler, J., Olszewski, M.: Trust case: justifying trust in an IT solution. Reliab. Eng. Syst. Saf. 89(1), 33–47 (2005)CrossRef

23.

Musen, M.A.: The Protégé project: a look back and a look forward. AI Matters 1(4), 4–12 (2015). Association of Computing Machinery Specific Interest Group in Artificial IntelligenceCrossRef

24.

Górski, J., Łukasiewicz, K.: Meeting requirements imposed by secure software development standards and still remaining agile. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds.) MMM-ACNS 2017. LNCS, vol. 10446, pp. 3–15. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65127-9_1CrossRef

25.

IEC 62443-4-1 4-1: Secure product development life-cycle requirements

26.

Peeters, J.: Agile security requirements engineering. In: Symposium on Requirements Engineering for Information Security (2005)

27.

Fischer, E.A.: Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation (2014)

28.

Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)CrossRef

29.

Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security “game”. IEEE Secur. Priv. 3, 14–20 (2010)CrossRef

30.

Aydal, E.G., Paige, R.F., Chivers, H., Brooke, P.J.: Security planning and refactoring in extreme programming. In: Abrahamsson, P., Marchesi, M., Succi, G. (eds.) XP 2006. LNCS, vol. 4044, pp. 154–163. Springer, Heidelberg (2006). https://doi.org/10.1007/11774129_16CrossRef

31.

Boström, G., Wäyrynen, J., Bodén, M., Beznosov, K., Kruchten, P.: Extending XP practices to support security requirements engineering. In: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems (SESS 2006). ACM, New York, pp. 11–18. http://dx.doi.org/10.1145/1137627.1137631

32.

Nguyen, T.: Integrating Security into Agile Methodologies. http://www.umsl.edu/~sauterv/analysis/F2015/Integrating%20Security%20into%20Agile%20methodologies.html.htm

33.

OWASP: Agile Software Development: Don’t Forget EVIL User Stories. https://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories

34.

Pohl, C., Hof, H.-J.: Secure Scrum: development of secure software with scrum. In: Securware 2015: The Ninth International Conference on Emerging Security Information, Systems and Technologies (2015)

35.

NOR-STA project Portal (2017). www.nor-sta.eu

36.

Łukasiewicz, K., Cygańska, S.: Security-oriented agile approach with AgileSafe and OWASP ASVS. In: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, Leipzig, Germany (2019)

Title: Adapting Agile Practices to Security Context – Practitioners’ Perspective
Authors: Katarzyna Łukasiewicz
Sara Cygańska
Publisher: Springer International Publishing
Book: Advances in Agile and User-Centred Software Engineering
Print ISBN: 978-3-030-37533-1

Electronic ISBN: 978-3-030-37534-8

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-37534-8_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner