Secure Scrum: Development of Secure Software with Scrum

Abstract: Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for security implementatio… Show more

“…This idea of a Security-leveraged Scrum was further refined and evaluated by researchers at the Federal Institute of Education, Science and Technology of Sao Paulo [2] and the Munich IT Security Research Group [3].…”

“…Munich IT Security Research Group revised S-Scrum by adding a connection between security tasks and related user stories [3]. They called security tasks "S-Tags" (see: Figure 3).…”

“…S-Tags are extracted from user stories like Security User Stories, but remain connected to the original story through "S-Marks", allowing developers to track security-related concerns for each user story. User stories can have multiple S-Tags, and vice versa [3]. S-Tags are placed into the backlog and moved through the development process like ordinary stories.…”

“…S-Tags are placed into the backlog and moved through the development process like ordinary stories. However, if a user story is added to a sprint, its related S-Tags must be added as well, keeping security a constant priority [3]. S-Tags improve S-Scrum by improving the visualization and traceability of security within the context of Scrum's user stories.…”

“…S-Tags improve S-Scrum by improving the visualization and traceability of security within the context of Scrum's user stories. The Munich IT Security Research Group also performed an evaluation of their revised S-Scrum with a team of sixteen developers, and found that security of developed software was improved [3].…”

Kanban + X: Leveraging Kanban for Focused Improvements

“…This idea of a Security-leveraged Scrum was further refined and evaluated by researchers at the Federal Institute of Education, Science and Technology of Sao Paulo [2] and the Munich IT Security Research Group [3].…”

“…Munich IT Security Research Group revised S-Scrum by adding a connection between security tasks and related user stories [3]. They called security tasks "S-Tags" (see: Figure 3).…”

“…S-Tags are extracted from user stories like Security User Stories, but remain connected to the original story through "S-Marks", allowing developers to track security-related concerns for each user story. User stories can have multiple S-Tags, and vice versa [3]. S-Tags are placed into the backlog and moved through the development process like ordinary stories.…”

“…S-Tags are placed into the backlog and moved through the development process like ordinary stories. However, if a user story is added to a sprint, its related S-Tags must be added as well, keeping security a constant priority [3]. S-Tags improve S-Scrum by improving the visualization and traceability of security within the context of Scrum's user stories.…”

“…S-Tags improve S-Scrum by improving the visualization and traceability of security within the context of Scrum's user stories. The Munich IT Security Research Group also performed an evaluation of their revised S-Scrum with a team of sixteen developers, and found that security of developed software was improved [3].…”

Kanban + X: Leveraging Kanban for Focused Improvements

Access Control Policy Generation from User Stories Using Machine Learning

A software-based cost estimation technique in scrum using a developer's expertise