nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile

verfasst von : Janusz Górski, Katarzyna Łukasiewicz

Erschienen in: Computer Network Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The paper introduces the AgileSafe method of selecting agile practices for software development projects that are constrained by assurance requirements resulting from safety and/or security related standards. Such requirements are represented by argumentation templates which explain how the evidence collected during agile practices implementation will support the conformity with the requirements. Application of the method is demonstrated by referring to a case study of development of a medical domain related application that is supposed to meet the requirements imposed by the IEC 62443-4.1 standard.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Adapting Enterprise Security Approaches for Evolving Cloud Processing and Networking Models

Microsoft Security Development Lifecycle (SDL). https://www.microsoft.com/en-us/sdl/

Building Security in Maturity Model (BSIMM). https://www.bsimm.com/

ISO/IEC 27034 series Application security. http://www.iso27001security.com/html/27034.html

IEC 62443-4-1 4-1: Secure product development life-cycle requirements

Manifesto for Agile Software Development. http://agilemanifesto.org

Schwaber, K., Beedle, M.: Agile Software Development with Scrum. Prentice Hall, Upper Saddle River (2002)MATH

Beck, K., Andres, C.: Extreme Programming Explained. Addison-Wesley Professional, Boston (2004)

Knaster, R., Leffingwell, D.: SAFe Distilled: Applying the Scaled Agile Framework for Lean Software and Systems Engineering. Addison-Wesley Professional (2017)

Scrum of Scrums | Agile Alliance. https://www.agilealliance.org/glossary/scrum-of-scrums/

10.

Kim, G., Willis, J., Debois, P., Humble, J., Allspaw, J.: The DevOps Handbook. Trade Select (2016)

11.

Paige, R.F., Charalambous, R., Ge, X., Brooke, P.J.: Towards agile engineering of high-integrity systems. In: Harrison, M.D., Sujan, M.-A. (eds.) SAFECOMP 2008. LNCS, vol. 5219, pp. 30–43. Springer, Heidelberg (2008). doi:10.1007/978-3-540-87698-4_6 CrossRef

12.

Rasmussen, R., Hughes, T., Jenks, J., Skach, J.: Adopting agile in an FDA regulated environment. In: Proceedings of the 2009 Agile Conference, pp. 151–155 (2009)

13.

McHugh, M., McCaffery, F., Coady, G.: An agile implementation within a medical device software organisation. Commun. Comput. Inf. Sci. 477, 190–201 (2014)

14.

Myklebust, T., Stålhane, T., Hanssen, G.: Use of agile practices when developing safety-critical software. In: Proceeding of International System Safety Conference (2016)

15.

Łukasiewicz, K., Górski, J.: AgileSafe – a method of introducing agile practices into safety-critical software development processes. In: Proceedings of the 2016 Federated Conference on Computer Science and Information Systems (2016)

16.

Ambler, S.: IBM agility@scale™: Become as Agile as You Can Be. IBM (2010)

17.

Ambler, S.: Agility at Scale: Results from the Summer 2012 DDJ State of the IT Union Survey. http://www.ambysoft.com/surveys/stateOfITUnion201209.html

18.

Boström, G., Wäyrynen, J., Bodén, M., Beznosov, K., Kruchten, P.: Extending XP practices to support security requirements engineering. In: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems - SESS 2006, pp. 11–18 (2006)

19.

ISO/IEC 15026 Systems and software engineering – Systems and software assurance

20.

NOR-STA tool. www.argevide.com

21.

Weinstock, C., Goodenough, J.: Towards an assurance case practice for medical devices. Technical Note Software Engineering Institute (2009)

22.

FDA: Guidance – Total Product Life Cycle: Infusion Pump-Premarket Notification Submissions [510 (k)] (2010)

23.

Weinstock, C.B., Lipson, H.F., Goodenough J.: Arguing security – creating security assurance cases. In: Software Engineering Institute Report (2007). http://resources.sei.cmu.edu/asset_files/WhitePaper/2013_019_001_293637.pdf

24.

Weinstock, C.B, Lipson, H.F.: Evidence of assurance: laying the foundation for a credible security case. In: Software Engineering Institute Report (2013), https://resources.sei.cmu.edu/asset_files/WhitePaper/2013_019_001_295685.pdf

25.

Alexander, R., Hawkins, R., Kelly, T.: Security assurance cases: motivation and the state of the art. In: University of York Report Number: CESG/TR/2011/1 (2011)

26.

Finnegan, A., McCaffery, F.: A Security argument pattern for medical device assurance cases. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops (2014)

27.

Ray, A., Cleaveland, R.: Security assurance cases for medical cyber and physical systems. IEEE Des. Test 32, 56–65 (2015)CrossRef

28.

Bright Inventions. http://brightinventions.pl/

29.

iBeacon - Apple Developer. https://developer.apple.com/ibeacon/

30.

Łukasiewicz, K.: Method of selecting programming practices for the safety-critical software development projects – a case study. Technical report n. 02/2017. Gdańsk University of Technology (2017)

31.

Your heart rate. What it means, and where on Apple Watch you’ll find it. https://support.apple.com/en-us/HT204666

32.

Cyra, L., Górski, J.: Support for argument structures review and assessment. Reliab. Eng. Syst. Safety 96, 26–37 (2011)CrossRef

33.

Stalhane, T., Hanssen, G., Myklebust, T.: The Application of SafeScrum to IEC 61508 certifiable Software, January 2014

Titel: Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile
verfasst von: Janusz Górski
Katarzyna Łukasiewicz
Verlag: Springer International Publishing
Buch: Computer Network Security
Print ISBN: 978-3-319-65126-2

Electronic ISBN: 978-3-319-65127-9

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-65127-9_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"