Security Assurance in Agile Software Development Methods

2022 ◽  
pp. 929-946
Author(s):  
Kalle Rindell ◽  
Sami Hyrynsalmi ◽  
Ville Leppänen

Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency of software projects. Since then it has become an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in defining, implementing, and verifying the security properties of software. In addition, agile methods have also been criticized for decreased quality of documentation, resulting in decreased security assurance necessary for regulative purposes and security measurement. As a consequence, lack of security assurance can complicate security incident management, thus increasing the software's potential lifetime cost. This chapter clarifies the requirements for software security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum, and Kanban. The results show that the agile methods are not inherently incompatible with security engineering requirements.


Author(s):  
Michal Dolezel ◽  
Alena Buchalcevova

People rely on structures to make their worlds orderly. This chapter conceptually probes into the problem of the differences between organizational structures deployed in traditional and agile environments. The authors develop an argument that all common forms of organizational entities can be classified by involving a two-dimensional classification scheme. Specifically, they constructed a typology to examine the issues of formal vs. informal authority, and disciplinarity vs. cross-functionality in terms of their significance for traditional and agile software development workplaces. Some examples of concrete organizational forms—including traditional project team, independent test team, self-organizing agile team and developers' community of practice—are discussed. In sum, they argue that by employing this classification scheme, they can theorize the nature of the on-going structural shift observed in conjunction with deploying agile software development methods. They acknowledge that the structures have fundamentally changed, terming the move “democratization” in the software development workplace.


Author(s):  
M. Siponen ◽  
R. Baskerville ◽  
R. Kuivalainen

Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit security features. While several discrete security methods (such as checklists and management standards) can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security techniques integrate very poorly into agile approaches. This chapter demonstrates how the security features can be integrated into an agile method called feature driven development.


Author(s):  
M. Siponen ◽  
R. Baskerville ◽  
T. Kuivalainen

Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit security features. While several discrete security methods (such as checklists and management standards) can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security techniques integrate very poorly into agile approaches. This chapter demonstrates how the security features can be integrated into an agile method called feature driven development.


Author(s):  
Diane E. Strode ◽  
Sid L. Huff

Achieving success in software development projects is a perennial challenge, and agile software development methods emerged to tackle this challenge. Agile software development provides a way to organise complex multi-participant software development projects while achieving fast delivery of quality software, meeting customer requirements, and coping effectively with project change. There is little understanding, however, of how such projects achieve effective coordination, which is a critical factor in successful software projects. Based on evidence from four cases, this chapter presents a theory explaining coordination in agile software projects. This theory defines the concepts of coordination strategy and coordination effectiveness and propositions explaining their relationship. This theory contributes to coordination literature by presenting clearly delineated concepts and their relationships in the form of a variance theory. For IT project management, this theory contributes to knowledge of coordination and coordination effectiveness in the context of agile software development.


Author(s):  
Breno Gontijo Tavares ◽  
Carlos Eduardo Sanches da Silva ◽  
Adler Diniz de Souza

Risk management contributes to software projects' success, but agile software development methods do not offer specific activities to manage risks. Therefore, this study aims to propose a list of risk management practices for agile projects, aiming to increase their chances of success. We analyzed 129 works on agile methods that afforded 127 risk management practices. We categorized and ranked practices using the AHP multi-criteria method with the participation of experts in the subject. The study presents risk management practices for daily meetings, increment, prototype, product backlog and Sprint planning as the most important for risk management effectiveness. This study identified specific risk management practices for agile methods, not converging with other studies. Results contribute to the risk management improvement in agile projects and, consequently, increase their chances of success.


Author(s):  
Anuradha Chaminda Gajanayaka

Agile software development has established itself as a reliable alternative to the waterfall software development model. Unfortunately, the use of agile software development has been limited to time based contracts and not for time limited contracts. The main reason for this limitation is the “Agile manifesto” itself. The fourth value of the manifesto states that agile believers find more value in “Responding to change over following a plan”. This is one of the main reasons why agile software development methods are not preferred for a fixed priced contract or time limited contract. The following case study provides an example of how agile software development can be used for fixed priced software development contracts even when operating in an offshore context. The agile software development concepts were used throughout to plan, execute, monitor, report, etc. for the project documented in this case study.


2016 ◽  
Vol 8 (2) ◽  
pp. 51-69 ◽  
Author(s):  
Steve Harrison ◽  
Antonis Tzounis ◽  
Leandros Maglaras ◽  
Francois Siewe ◽  
Richard Smith ◽  
...  
