Til hovedinnhold

The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projects

The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projects

Kategori
Del av bok/rapport
Sammendrag
To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evidence indicates that in many agile development projects, software security is dealt with in a more or less "accidental" way based on individuals' security awareness and interest. This approach is unlikely to lead to an optimal security level for the product. This paper suggests Security Intention Recap Meetings as a recurring organisational tool for evaluating current practices regarding the security intentions of a software project, and to make decisions on how to move forward. These meetings involve key decision makers in the project, such as the product owner and the project manager, with the purpose of making security decisions visible and deliberate and to monitor their results
Oppdragsgiver
  • Norges forskningsråd / 501529
Språk
Engelsk
Institusjon(er)
  • Norges teknisk-naturvitenskapelige universitet
  • SINTEF Digital / Software Engineering, Safety and Security
  • SINTEF Digital
År
2019
Publisert i
ACM International Conference Proceeding Series
Forlag
Association for Computing Machinery (ACM)
Bok
ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security Canterbury, CA, United Kingdom — August 26 - 29, 2019
Hefte nr.
ARES '19
ISBN
978-1-4503-7164-3