LERSSE-PRESENTATION-2005-046

Towards Agile Security Assurance

Konstantin Beznosov ; Philippe Kruchten

16 October 2005

Abstract: Agile development methods are promising to become the next generation, replacing waterfall development. They could eventually replace the plan-driven methodologies not only in pure software solutions in such benign domains as word processing and office automation but also in security-critical projects with both software and hardware parts developed or integrated together. At the same time, the accepted practices for security assurance appear to go totally contrary to agile approaches. Can security assurance be adopted by agile developers, and how? What needs to be done for the adoption to happen? This paper makes a first step toward answering these questions in pursuit of agile security assurance. It re-examines the conventional practices of security assurance to find out how well they suit agile development methodologies. It classifies security assurance methods and techniques with regard to their clash with agile development. For those in conflict, ways of alleviating it are suggested.

Keyword(s): agile methods ; eXtreme Programming ; XP ; security assurance ; engineering secure software

Published in: Konstantin Beznosov, Philippe Kruchten, "Towards Agile Security Assurance," presentation given at The New Security Paradigms Workshop (NSPW), White Point Beach Resort, Nova Scotia, Canada, 20 September, 2004.

The record appears in these collections:
Engineering Secure Software
Talks/Presentations

 Record created 2009-04-27, last modified 2013-05-22

