Achieving Standard Software Security in Agile Developments

Achieving Standard Software Security in Agile Developments

연구 분야: Verification

학회: ICICM '21: Proceedings of the 11th International Conference on Information Communication and Management

The introduction of agile software development methods has brought about diverse benefits to the industry. These range from rapid deployment of software products to satisfying the ever changing customer requirements among others. These have in turn fueled the rapid adoption of these methodologies within the industry. On the down side, agile approach has been proved to be weak in handling security and therefore not appropriate for developing secure systems. The framework we present in this paper addresses this by ensuring that security is in the development process from the beginning of the project to the end. It is modeled after the SSE-CMM as a standard for security engineering. Considering its process areas, it aims to achieve the intended security goals within the agile process to appropriate levels by adopting agility in the implementation of these activities. The criteria of implementation are agility plus the SSE-CMM process areas goals. The framework is tested through a case study to check the capability levels achieved and the agility of the resultant process.