Security Engineering and eXtreme Programming: An Impossible Marriage?
Authors
Abstract
Agile methods, such as eXtreme Programming (XP), have been criticised for being inadequate for the development of secure software. In this paper, we analyse XP from a security engineering standpoint, to assess to what extent the method can be used for development of security-critical software. This is done by analysing XP in the light of two security engineering standards: the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the Common Criteria (CC). The result is that XP is more aligned with security engineering than one might think at first. However, XP also needs to be tailored to better support and to more explicitly deal with security engineering issues. Tailoring XP for secure software development, without removing the agility that is the trademark of agile methods, may be a solution that would make XP more compatible with current security engineering practices.
Similar resources
Extreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without Defining It
This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. We introduce eXtreme Security Engineering (XSE), an application of XP practices to security engineering, and discuss its potential benefits and the scope of its applicability. We argue that XSE could help achieve “good enough security” while avoiding defining a...
Software Security Engineering in Extreme Programming Methodology: a Systematic Literature Review
Imran Ghani (Universiti Teknologi Malaysia, Skudai, Johor, Malaysia), Izzaty Yasin (Universiti Teknologi Malaysia, Skudai, Johor, Malaysia). Abstract: Agile methodology such as Extreme Programming (XP) has gained enough recognition as efficient development process by ...
New Software Development Paradigms and Possible Adoption for Security
EGovernment would be a lot easier if it could be handled like eBusiness. Unfortunately there are organizational and legal obstacles that make it virtually impossible. The security level needed for public administrations is usually at the level of top private sector industries and service organizations like banks. In project management there has been a paradigm shift towards new methodologies fo...
Development of using balance scorecard in universities for having better performance: a fuzzy DEMATEL-Shapley value goal programming approach
Universities have a magnificent role in the sustainable development of their country and international scientific production of their country. The purpose of this paper is the expansion of using balance scorecard in universities in order to improve performance of universities in learning and educating. The Balanced Scorecard (BSC) is an extensively adopted performance management framework in a lot of o...