Towards agile security assurance

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2005, Pages 47-54

  Beznosov, Konstantin ^a   Kruchten, Philippe ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE; SOFTWARE ENGINEERING;

AGILE DEVELOPMENT METHODOLOGIES; SECURITY ASSURANCE; SECURITY ENGINEERING;

SECURITY OF DATA;

EID: 29244436687     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1065907.1066034     Document Type: Conference Paper

References (36)

1. Standish Group, The Chaos Report, West Yarmouth, MA: The Standish Group, 1995.
2. J. A. Highsmith, Adaptive Software Development: A Collaborative Approach to Managing Complex Systems, New York: Dorset House, 2000.
3. K. Beznosov, "Extreme Security Engineering: On Employing XP Practices to Achieve 'Good Enough Security' without Defining It," presented at First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, USA, 2003.
4. Agile Alliance, "Manifesto for Agile Software Development," 2001.
5. A. Cockburn, Agile Software Development, Boston: Addison-Wesley, 2002.
6. L. Williams, R. R. Kessler, W. Cunningham, and R. Jeffries, "Strengthening the Case for Pair-Programming," IEEE Software, vol. 17, pp. 19-25, 2000.
7. R. W. Jensen, "A Pair Programming Experience," in CrossTalk, 2003.
8. CC, "Common Criteria for Information Technology Security Evaluation," 2.1 ed, 1999.
9. J. Voas and G. McGraw, Software Fault Injection: Inoculating Programs Against Errors, New York: John Wiley and Sons, 1997.
10. G. Wimmel and J. Jürjens, "Specification-Based Test Generation for Security-Critical Systems Using Mutations," presented at the 4th International Conference on Formal Engineering Methods, 2002.
11. G. Fink and M. Bishop, "Property Based Testing: A New Approach to Testing for Assurance," in ACM SIGSOFT Software Engineering Notes, vol. 22, 1997.
12. M. Vetterling, G. Wimmel, and A. Wisspeintner, "Secure Systems Development Based on the Common Criteria: The PalME Project," presented at the Tenth ACM SIGSOFT Symposium on Foundations of Software Engineering, Charleston, South Carolina, USA, 2002.
13. R. Breu, K. Burger, M. Hafner, J. Jürjens, G. Popp, G. Wimmel, and V. Lotz, "Key Issues of a Formally Based Process Model for Security Engineering," presented at 16th International Conference on Software & Systems Engineering & their Applications (ICSSEA), 2003.
14. C. o. t. E. Communities, "Information Technology Security Evaluation Criteria," 1.2 ed, 1991.
15. J. Andersen, "Computer Security Technology Planning Study," Air Force Electronic Systems Division ESD-TR-73-51, Vols. I and II, 1972.
16. M. Bishop, Computer Security: Art and Science. Boston: Pearson Education, Inc., 2003.
17. P. G. Neumann, R. J. Feiertag, K. N. Levitt, and L. Robinson, "Software Development and Proofs of Multi-level Security," presented at International Conference on Software Engineering, 1976.
18. S. Software, "RATS: Rough Auditing Tool for Security," 2004.
19. D. Evans and D. Larochelle, "Improving Security Using Extensible Lightweight Static Analysis," in IEEE Software, vol. 19, 2002, pp. 42-51.
20. D. A. Wheeler, "Flawfinder," 2001.
21. J. Viega, G. McGraw, T. Mutdosch, and E. W. Feiten, "Statically Scanning Java Code: Finding Security Vulnerabilities," in IEEE Software, vol. 17, 2000, pp. 68-77.
22. J. Viega, J. T. Bloch, Y. Kohno, and G. McGraw, "ITS4: A Static Vulnerability Scanner for C and C++ Code," presented at Annual Computer Security Applications Conference, New Orleans, Louisiana, USA, 2000.
23. J. Viega and G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way, Boston: Addison-Wesley, 2001.
24. G. Hoglund and G. McGraw, Exploiting Software: How to Break Code, Boston: Pearson Higher Education, 2004.
25. G. McGraw and E. Feiten, Java Security: Hostile Applets, Holes & Antidotes, New York: John Wiley & Sons, 1996.
26. nd ed, New York: John Wiley & Sons, 1999.
27. K. Beck, "Embracing Change with Extreme Programming," IEEE Computer, vol. 32, pp. 70-77, 1999.
28. J. Wäyrynen, M. Bodén, and G. Boström, "Security Engineering and eXtreme Programming: an Impossible marriage?," in Extreme programming and agile methods-XP/Agile Universe 2004, C. Zannier, H. Erdogmus, and L. Lindstrom, Eds. LNSC3134, Berlin: Springer-Verlag, 2004, pp. 117-128.
29. M. Poppendieck and R. Morsicato, "Using XP for Safety-Critical Software," Cutter IT Journal, vol. 15, no. 9, 2002, pp. 12-16.
30. M. D. Abrams, "Security Engineering in an Evolutionary Acquisition Environment," in Proceedings of New Security Paradigms Workshop, Charlottsville, VA, 1998, pp. 11-20.
31. S. T. Redwine and N. Davis, ed., Processes to Produce Secure Software Towards more Secure Software, Software Process Subgroup of the Task Force on Security across the Software Development Lifecycle National Cyber Security Summit, 2004.
32. P. Amey and R. Chapman, "Static verification and extreme programming," in Proceedings of 2003 annual international conference on Ada, San Diego, CA, USA, 2003, ACM Press, pp. 4-9.
33. J. Kerievsky, Refactoring to Patterns, Boston: Addison-Wesley, 2004.
34. E. H. Spafford, "Cyber Terrorism: The New Asymmetrie Threat," USA House Armed Services Committee, Subcommittee on Terrorism, Unconventional Threats and Capabilities, Testimony July 24 2003.
35. E. H. Spafford, "Exploring Common Criteria: Can it Ensure that the Federal Government Gets Needed Security in Software?" USA House Government Reform Committee Sub committee on Technology, Information Policy, Intergovernmental Relations and the Census, Testimony September 17 2003.
36. B.W. Boehm, "A Spiral Model of Software Development and Enhancement," ACM SIGSOFT Software Engineering Notes, vol. 11, 1986, pp. 22-42.