000000089 001__ 89
000000089 005__ 20130522141951.0
000000089 037__ $$aLERSSE-PRESENTATION-2005-046
000000089 041__ $$aeng
000000089 100__ $$aKonstantin Beznosov
000000089 100__ $$aPhilippe Kruchten
000000089 245__ $$aTowards Agile Security Assurance
000000089 260__ $$c2005-10-16
000000089 520__ $$aAgile development methods are promising to become the next generation replacing water-fall development. They could eventually replace the plan-driven methodologies not only in pure software solutions in such benign domains as word processing and office automation but also in security-critical projects with both software and hardware parts developed or integrated together. At the same time, the accepted practices for security assurance appear to go totally contrary to agile approaches. Can and how security assurance be adopted by agile developers? What needs to be done for the adoption to happen? This paper makes a first step toward answering these questions in a pursuit for agile security assurance. It re-examines the conventional practices of security assurance to find out how well they suite agile development methodologies. It classifies security assurance methods and techniques with regards to their clash with agile development. For those in conflict, ways of alleviating it are suggested.
000000089 6531_ $$aagile methods
000000089 6531_ $$aeXtreme Programming
000000089 6531_ $$aXP
000000089 6531_ $$asecurity assurance
000000089 6531_ $$aengineering secure software
000000089 8560_ $$fqiangw@ece.ubc.ca
000000089 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/89/files/89.pdf$$yTransfer from CDS 0.99.7
000000089 909C4 $$pKonstantin Beznosov, Philippe Kruchten, "Towards Agile	Security Assurance," presentation given 	at The New Security Paradigms Workshop (NSPW), White Point Beach Resort, Nova	Scotia, Canada, 20 September, 2004.  
000000089 980__ $$aPRESENTATION