000000102 001__ 102
000000102 005__ 20130522141942.0
000000102 037__ $$aLERSSE-RefConfPaper-2006-016
000000102 041__ $$aeng
000000102 100__ $$aGustav Boström
000000102 100__ $$aJaana Wäyrynen
000000102 100__ $$aMarine Bodén, 
000000102 100__ $$aKonstantin Beznosov
000000102 100__ $$aPhilippe Kruchten
000000102 245__ $$aExtending XP Practices to Support Security Requirements Engineering
000000102 260__ $$c2006-02-06
000000102 300__ $$a7p
000000102 520__ $$a This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer security requirements while maintaining the iterative and rapid feedback-driven nature of XP. More specifically, these steps result in two new security-specific flavours of XP User stories: Abuser stories (threat scenarios) and Security-related User stories (security functionalities). The introduced extensions also aid in formulating security-specific coding and design standards to be used in the project, as well as in understanding the need for supporting specific Security-related User stories by the system. The proposed extensions have been tested in a student project.
000000102 6531_ $$aSecurity Engineering
000000102 6531_ $$aRequirements
000000102 6531_ $$aAgile Software Development
000000102 6531_ $$aeXtreme Programming
000000102 6531_ $$aDevelopment methodology
000000102 8560_ $$fbeznosov@ece.ubc.ca
000000102 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/102/files/102.pdf$$yTransfer from CDS 0.99.7
000000102 909C4 $$p Gustav Boström, Jaana Wäyrynen, Marine Bodén, Konstantin Beznosov, Philippe Kruchten, "Extending XP Practices to Support Security Requirements Engineering," Proceedings of Workshop on Software Engineering for Secure Systems (SESS), Shanghai, China, ACM, 20–21 May, 2006, pp.11-17.
000000102 980__ $$aRefConfPaper