Security Assurance in Agile Software Development Methods

Evaluation Framework ◽

Agile Methods ◽

Software Projects ◽

Security Engineering ◽

Security Incident ◽

Security Assurance ◽

Agile Software ◽

Agile software development was introduced in the beginning of the 2000s to increase the visibility and efficiency software projects. Since then it has become as an industry standard. However, fitting sequential security engineering development models into iterative and incremental development practices in agile methods has caused difficulties in defining, implementing, and verifying the security properties of software. In addition, agile methods have also been criticized for decreased quality of documentation, resulting in decreased security assurance necessary for regulative purposes and security measurement. As a consequence, lack of security assurance can complicate security incident management, thus increasing the software's potential lifetime cost. This chapter clarifies the requirements for software security assurance by using an evaluation framework to analyze the compatibility of established agile security development methods: XP, Scrum, and Kanban. The results show that the agile methods are not inherently incompatible with security engineering requirements.

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Balancing Agile and Disciplined Engineering and Management Approaches for IT Services and Software Products ◽

A Framework for Analyzing Structural Mechanisms Deployed to Support Traditional and Agile Methods

10.4018/978-1-7998-4165-4.ch011 ◽

2021 ◽

pp. 205-227

Author(s):

Michal Dolezel ◽

Alena Buchalcevova

Keyword(s):

Software Development ◽

Classification Scheme ◽

Organizational Structures ◽

Agile Methods ◽

Two Dimensional ◽

Dimensional Classification ◽

Agile Software ◽

Structural Mechanisms ◽

People rely on structures to make their worlds orderly. This chapter conceptually probes into the problem of the differences between organizational structures deployed in traditional and agile environments. The authors develop an argument that all common forms of organizational entities can be classified by involving a two-dimensional classification scheme. Specifically, they constructed a typology to examine the issues of formal vs. informal authority, and disciplinarity vs. cross-functionality in terms of their significance for traditional and agile software development workplaces. Some examples of concrete organizational forms—including traditional project team, independent test team, self-organizing agile team and developers' community of practice—are discussed. In sum, they argue that by employing this classification scheme, they can theorize the nature of the on-going structural shift observed in conjunction with deploying agile software development methods. They acknowledge that the structures have fundamentally changed, terming the move “democratization” in the software development workplace.

Extending Security in Agile Software Development Methods

Integrating Security and Software Engineering ◽

10.4018/978-1-59904-147-6.ch007 ◽

2007 ◽

pp. 143-159 ◽

Cited By ~ 1

Author(s):

M. Siponen ◽

R. Baskerville ◽

R. Kuivalainen

Keyword(s):

Information Systems ◽

Software Development ◽

Agile Methods ◽

Agile Method ◽

Management Standards ◽

Secure Information ◽

Agile Software ◽

Development Methods ◽

Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit security fea-tures. While several discrete security methods (such as checklists and management standards) can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security techniques integrate very poorly into agile approaches. This chapter demonstrates how the security features can be integrated into an agile method called feature driven development.

Extending Security in Agile Software Development Methods

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch059 ◽

2008 ◽

pp. 845-858

Author(s):

M. Siponen ◽

R. Baskerville ◽

T. Kuivalainen

Keyword(s):

Information Systems ◽

Software Development ◽

Agile Methods ◽

Agile Method ◽

Management Standards ◽

Secure Information ◽

Agile Software ◽

Development Methods ◽

Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit security fea-tures. While several discrete security methods (such as checklists and management standards) can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security techniques integrate very poorly into agile approaches. This chapter demonstrates how the security features can be integrated into an agile method called feature driven development.

Advances in IT Personnel and Project Management - Modern Techniques for Successful IT Project Management ◽

A Coordination Perspective on Agile Software Development

10.4018/978-1-4666-7473-8.ch004 ◽

2015 ◽

pp. 64-96

Author(s):

Diane E. Strode ◽

Sid L. Huff

Keyword(s):

Software Development ◽

Critical Factor ◽

Development Projects ◽

It Project Management ◽

Software Projects ◽

Coordination Strategy ◽

Agile Software ◽

And Coping ◽

Achieving success in software development projects is a perennial challenge, and agile software development methods emerged to tackle this challenge. Agile software development provides a way to organise complex multi-participant software development projects while achieving fast delivery of quality software, meeting customer requirements, and coping effectively with project change. There is little understanding, however, of how such projects achieve effective coordination, which is a critical factor in successful software projects. Based on evidence from four cases, this chapter presents a theory explaining coordination in agile software projects. This theory defines the concepts of coordination strategy and coordination effectiveness and propositions explaining their relationship. This theory contributes to coordination literature by presenting clearly delineated concepts and their relationships in the form of a variance theory. For IT project management, this theory contributes to knowledge of coordination and coordination effectiveness in the context of agile software development.

Proceedings of the 16th International Conference on Computer Systems and Technologies - CompSysTech '15 ◽

A comparison of security assurance support of agile software development methods

10.1145/2812428.2812431 ◽

2015 ◽

Cited By ~ 5

Author(s):

Kalle Rindell ◽

Sami Hyrynsalmi ◽

Ville Leppänen

Keyword(s):

Software Development ◽

Security Assurance ◽

Agile Software ◽

Development Methods ◽

Practices to Improve Risk Management in Agile Projects

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194019500165 ◽

2019 ◽

Vol 29 (03) ◽

pp. 381-399 ◽

Cited By ~ 3

Author(s):

Breno Gontijo Tavares ◽

Carlos Eduardo Sanches da Silva ◽

Adler Diniz de Souza

Keyword(s):

Risk Management ◽

Software Development ◽

Management Practices ◽

Agile Methods ◽

Management Effectiveness ◽

Software Projects ◽

The Subject ◽

Specific Activities ◽

Agile Software ◽

Risk management contributes to software projects success, but agile software development methods do not offer specific activities to manage risks. Therefore, this study aims to propose a list of risk management practices for agile projects, aiming to increase their chances of success. We analyzed 129 works on agile methods that afforded 127 risk management practices. We categorized and ranked practices using the AHP multi-criteria method with the participation of experts in the subject. The study presents risk management practices for daily meetings, increment, prototype, product backlog and Sprint planning as the most important for the risk management effectiveness. This study identified specific risk management practices for agile methods, not converging with other studies. Results contribute to the risk management improvement in agile projects and, consequently, increase their chances of success.

Agile Software Development Methods: A Comparative Review1

10.1007/978-3-642-12575-1_3 ◽

2010 ◽

pp. 31-59 ◽

Cited By ~ 20

Author(s):

Pekka Abrahamsson ◽

Nilay Oza ◽

Mikko T. Siponen

Keyword(s):

Software Development ◽

Agile Software ◽

Development Methods ◽

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Emerging Innovations in Agile Software Development ◽

Fixed Priced Projects in Agile

10.4018/978-1-4666-9858-1.ch012 ◽

2016 ◽

pp. 222-236

Author(s):

Anuradha Chaminda Gajanayaka

Keyword(s):

Software Development ◽

Development Model ◽

Software Development Model ◽

Responding To Change ◽

The One ◽

Agile Software ◽

Development Methods ◽

Agile software development has established as a reliable alternative to waterfall software development model. Unfortunately the use of agile software development has been limited to time based contracts and not for time limited contracts. The main reason for this limitation is the “Agile manifesto” itself. The forth value of the manifesto states that agile believers find more value in “Responding to change over following a plan”. This is the one of the main reasons why agile software development methods are not preferred for a fixed priced contract or time limited contract. The following case study provides an example on how the agile software development can be used for fixed priced software development contracts even when operating in offshore context. The agile software development concepts were used throughout to plan, execute, monitor, report, etc. for the project documented in this case study.