Integrating software security into agile-Scrum method

KSII Transactions on Internet and Information Systems

Volumn 8, Issue 2, 2014, Pages 646-663

  Ghani, Imran ^a   Azham, Zulkarnain ^a   Jeong, Seung Ryul ^b  

^a UNIVERSITI TEKNOLOGI MALAYSIA   (Malaysia)

^b Kookmin University   (South Korea)

Author keywords

Agile methodologies; Scrum; Security backlog; Software security

Indexed keywords

INFORMATION SYSTEMS;

AGILE DEVELOPMENT METHODS; AGILE METHODOLOGIES; EXTREME PROGRAMMING; FEATURE DRIVEN DEVELOPMENT; SCRUM; SECURITY BACKLOG; SOFTWARE SECURITY; SYSTEMS DEVELOPMENT;

HARDWARE;

EID: 84896845646     PISSN: 19767277     EISSN: 22881468     Source Type: Journal    
DOI: 10.3837/tiis.2014.02.019     Document Type: Article

References (38)

1. Dyba, T. and Dingsoyr, T., "Empirical studies of agile software development: A systematic review," Information and Software Technology, Vol.50, pp.833-859, 2008. Article (CrossRef Link)
2. Mchugh, O. and Conboy, k. and Lang, M., "Agile practices: The Impact on Trust in Software Project Teams," IEEE Software, Vol.29, pp.71-76, 2012. Article (CrossRef Link)
3. Slaten, k., Droujkova, M., Berenson, S. B., Williams, L. and Layman, L., "Understanding Student Perceptions of Pair Programming and Agile Software Development Methodologies: Verifying a Model of Social Interaction," IEEE Agile Conference, pp.323-330, 2005. Article (CrossRef Link)
4. Amir S. S., Amir A. S. and Fereidoon S., "Toward Empowering Extreme Programming from an Architectural Viewpoint," in Proc. of 9th International Conference XP 2008, Vol. 9, pp.222-223, 2008. Article (CrossRef Link)
5. Breivold, H. P., Sundmark, D., Wallin, P.and Larsson, S., "What Does Research Say about Agile and Architecture?," IEEE Software Engineering Advances, pp.32-37, 2010. Article (CrossRef Link)
6. Wäyrynen, J., Bodén, M. and Boström, G., "Security engineering and eXtreme programming: an impossible marriage?," in Proc. of 4th Conference on Extreme Programming and Agile Methods, Vol.3134, pp.117-128, 2004. Article (CrossRef Link)
7. Xiaocheng G., Richard F. P. and Fiona P., "Extreme Programming Security Practices", in Proc. of 8th International Conference XP 2007, Vol.4536, pp.226-230, 2007. Article (CrossRef Link)
8. Sani, A., Firdaus, A., Jeong, S. R. and Ghani, I., "A Review on Software Development Security Engineering using Dynamic System Method(DSDM)," International Journal of Computer Applications, Vol.69, No.25, pp.33-44, 2013. Article (CrossRef Link)
9. Ghani, I., Yasin, N. I. B., "Software Security Engineering in Extreme Programming Methodology: A Systematic Literature Review," Journal Science International Lahore, Vol.25, No.2, pp.215-221, 2013. Article (CrossRef Link)
10. Firdaus, A., Ghani, I., Yasin, N. I. M., "Developing Websites using Feature Driven Development: A Case Study," Journal of Clean Energy Technologies, Vol.1, No.4, pp.322-326, 2013. Article (CrossRef Link)
11. Sani, A., Ghani, I., Jeong, S. R., "Secure Dynamic System Development Method (Sdsdm) Model For Secure Software Development," Journal, Science International Lahore, Special Issue, 1059-64, 2013. Article (CrossRef Link)
12. Sutherland, J. and Schwaber, K., "The Scrum Papers: Nut, Bolts, and Origin of an Agile Framework," Scrum Inc, 2011. Article (CrossRef Link)
13. Julia, H. A., Sean, B., Robert, J., Ellison, Gary Mcgraw and Nancy R., "Software Security Engineering: A Guide for Project Manager," Addison-Wesley Professional, 2008. Article (CrossRef Link)
14. Keramati, H. and Mirian-Hosseinabadi, S. H., "Integrating Software Development Security Activities with Agile Methodologies," in Proc. of IEEE/ACS International Conference on Computer Systems and Applications, pp.749-754, 2008. Article (CrossRef Link)
15. Qumer, A. and Henderson-Sellers, B., "An evaluation of the degree of agility in six agile methods and it applicability for method engineering," Information and Software Technology, Vol.50, pp.280-295, 2008. Article (CrossRef Link)
16. Walker, R., "Improving Software Economics: Top 10 Principles of Achieving Agility At Scale," Improving Software Economics white paper, 2009. Article (CrossRef Link)
17. Lowell, L., Carmen, Z. and Erdogmus, H., "Extreme Programming and Agile Methods - XP/Agile Universe 2004," in Proc. of 4th Conference on Extreme Programming and Agile Methods, pp.121, 2004. Article (CrossRef Link)
18. Erdogan, G., Meland, P. H. and Mathieson, D., "Security Testing in Agile Web Application Development - A Case Study Using the East Methodology," in Proc. of 11th International Conference XP2010, Vol.48, pp.14-27, 2010. Article (CrossRef Link)
19. Brady, K., "AGILE/SCRUM Fails to get to grips with Human Psychology," at http://www.claretyconsulting.com/it/comments/agile-scrum-fails-to-get-to-grips-with-human-psychology.html, 2006. Article (CrossRef Link)
20. Mikko, S., Richard, B. and Tapio, K., "Integrating Security into Agile Development Methods," in Proc. of Proceedings of the 38th Hawaii International Conference on System Sciences, 2005. Article (CrossRef Link)
21. Anti, V, S., et al., "Secure software development and agile methods - notes," at http://confluence.agilefinland.com/display/af/Secure+software+development+and+agile+methods+-+notes, 2010. Article (CrossRef Link)
22. Adrian, L., "FireStarter: Agile Development and Security," at https://securosis.com/blog/agile-development-and-security, 2010. Article (CrossRef Link)
23. th Malaysian Software Engineering Conference, 2011. Article (CrossRef Link)
24. McGraw, G., "Software Security: Building Security In," Addison-wesley software security series, 2006. Article (CrossRef Link)
25. Checkland, P., "Soft Systems Methodology in Action," Toronto, Ontario, Canada: John Wiley & Sons, 1990. Article (CrossRef Link)
26. QFD Institute, "Frequently Asked Questions About QFD," at http://www.qfdi.org/what_is_qfd/faqs_about_qfd.html, 2005. Article (CrossRef Link)
27. Christel, M. and Kang, K., "Issues in Requirements Elicitation," Software Engineering Institute, 1992. Article (CrossRef Link)
28. Kunz, Werner. and Rittel, Horst., "Issues as Elements of Information Systems," at http://www.cc.gatech.edu/~ellendo/rittel/rittel-issues.pdf, 1970. Article (CrossRef Link)
29. Wood, J. and Silver, D., "Joint Application Design: How to Design Quality Systems in 40% Less Time," New York: John Wiley & Sons, 1989. Article (CrossRef Link)
30. Schiffrin, D., "Approaches to Discourse," Oxford, UK: Blackwell, 1994. Article (CrossRef Link)
31. Hubbard, R., Mead, N. and Schroeder, C., "An Assessment of the Relative Efficiency of a Facilitator-Driven Requirements Collection Process with Respect to the Conventional Interview Method," in Proc. of 4th International Conference on Requirements Engineering, pp.178-186, 2000. Article (CrossRef Link)
32. Sullivan., "Security Development Lifecycle for Agile Development," Mirosoft, at http://www.blackhat.com/presentations/bh-dc-10/Sullivan_Bryan/BlackHat-DC-2010-Sullivan-SDL-Agile-wp.pdf, 2009. Article (CrossRef Link)
33. Gencer, E., "Security Testing of Web Based Applications," Master Thesis Norwegian University of Science and Technology Department of Computer and Information Science, 2009. Article (CrossRef Link)
34. Sindre, G, and Opdahl A., "Capturing security requirements through misuse cases," in Proc. of Proceedings of the 14th Norwegian informatics conference, 2001. Article (CrossRef Link)
35. Mullery, G, "CORE: A method for controlled requirements expression," in Proc. of Proceedings of 4th International Conference on Software Engineering. (ICSE-4), pp.126-135, 1979. Article (CrossRef Link)
36. Kang, C., Cohen, G., Hess, A., Novak, E., and Peterson, A., "Feature-oriented domain analysis (FODA) feasibility study," Technical report CMU/SEI-90-TR-21, Software Engineering Institute, Carnegie Mellon University, 1990. Article (CrossRef Link)
37. Alnatheer, M., Nelson, K.: A proposed framework for understanding information security culture and practices in the Saudi context. In: Proceedings of the 7th Australian Information Security Management Conference, pp. 6-17. SECAU - Edith Cowan University, Australia, Perth, Australia, 2009. Article (CrossRef Link)
38. Vaha-Sipila, A., "Software security in agile product management," http://www.fokkusu.fi/agile-security/Software%20security%20in%20agile%20product%20management.pdf (2011) accessed on May 2013. Article (CrossRef Link)