Til hovedinnhold
Norsk English

Agile Software Development: The Straight and Narrow Path to Secure Software?

Sammendrag

In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and potential targets of attack, and our case study confirms that even in cases where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. We contend that security must be built as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. We suggest two extensions to agile methodologies that may contribute to ensuring focus on security during the complete lifecycle

Kategori

Vitenskapelig artikkel

Språk

Engelsk

Forfatter(e)

Institusjon(er)

  • Norges teknisk-naturvitenskapelige universitet
  • SINTEF Digital / Software Engineering, Safety and Security

År

2010

Publisert i

International Journal of Secure Software Engineering (IJSSE)

ISSN

1947-3036

Forlag

IGI Global

Årgang

1

Hefte nr.

3

Side(r)

71 - 85

Vis denne publikasjonen hos Cristin