Agile development with security engineering activities

Baca, Dejan; Carlsson, Bengt

doi:10.1145/1987875.1987900

Cited by 55 publications

(32 citation statements)

References 20 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ge et al [12] integrate feature-driven development and high-profile security methods, namely risk analysis, to address the development of secure web applications. Baca and Carlsson identify security activities from three SE processes; Microsoft SDL, Cigital touchpoints and Common Criteria [3,9]. Then, they compare those security activities with a specific agile development process, Scrum, which is used in industry.…”

Section: Related Workmentioning

confidence: 99%

“…Security engineering (SE) processes can be defined as the set of activities performed to develop, maintain and deliver a secure software product; security activities may be either sequential or iterative. Due to constraints such as a lack of a complete overview of a product, higher development pace and lack of documentation inherent to agile processes [6,8,9], existing SE processes are difficult to implement in such a setting. Moreover, existing SE processes are designed for a traditional waterfall development approach, i.e.…”

Section: Introductionmentioning

confidence: 99%

“…This process includes a set of 16 sequential activities that cover all parts of the software development life cycle. CC is an international standard, ISO15408, certified for computer security [9,17]. It helps developers to specify the security attributes of a product and to evaluate if the products meet their claims [17].…”

Section: Introductionmentioning

confidence: 99%

“…This process includes a set of 9 sequential activities that cover most parts of the software development life cycle, except the prerequirement phase. Two other (O) security activities that are commonly used in agile development recommended in [9,18,19] but not included in any of the SE processes mentioned above are also identified; countermeasure graphs and pair programming. Based on these SE processes, initially a total of 50 security activities were found: 16 CLASP, 16 SDL, 9 CT, 7 CC and 2 O.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Identification and Evaluation of Security Activities in Agile Projects

2013

Self Cite

View full text Add to dashboard Cite

Abstract.We compare four high-profile waterfall security-engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) with the available preconditions within agile processes. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. Those activities are compared and a specific security engineering process is suggested for an agile process setting that can provide high benefit with low integration cost.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Identification and Evaluation of Security Activities in Agile Projects

2013

Self Cite

View full text Add to dashboard Cite

show abstract

“…Baca and Carlsson proposed an agile security process in an industrial setting (Baca & Carlsson, 2011). Security issues were addressed using three well-known security tools; Microsoft SDL, Cigital Touchpoints, and the Common Criteria (Common Criteria, 2017).…”

Section: Introductionmentioning

confidence: 99%

Introducing a Novel Security-Enhanced Agile Software Development Process

Boldt

Jacobsson

Baca

et al. 2017

International Journal of Secure Software Engineering

Self Cite

View full text Add to dashboard Cite

In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are 1) that it includes additional security competences, and 2) that it includes the continuous conduction of an integrated risk analysis for identifying potential threats. As a general finding of implementing SEAP in software development, the developers solve a large proportion of the risks in a timely, yet cost-efficient manner. The default agile software development process at Ericsson AB, i.e. where SEAP was not included, required significantly more employee hours spent for every risk identified compared to when integrating SEAP. The default development process left 50.0% of the risks unattended in the software version that was released, while the application of SEAP reduced that figure to 22.5%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.9%, a more than five times increment.

show abstract

Formality, Agility, Security, and Evolution in Software Engineering

Hinchey¹

2018

Software Technology: 10 Years of Innovation in IEEE Computer

View full text Add to dashboard Cite

Agile development with security engineering activities

Cited by 55 publications

References 20 publications

Identification and Evaluation of Security Activities in Agile Projects

Identification and Evaluation of Security Activities in Agile Projects

Introducing a Novel Security-Enhanced Agile Software Development Process

Formality, Agility, Security, and Evolution in Software Engineering

Contact Info

Product

Resources

About