Software Security Engineering in Extreme Programming Methodology: a Systematic Literature Review

SOFTWARE SECURITY ENGINEERING IN EXTREME PROGRAMMING METHODOLOGY: A SYSTEMATIC LITERATURE REVIEW Imran Ghani (Universiti Teknologi Malaysia, Skudai, Johor, Malaysia [email protected]) Izzaty Yasin (Universiti Teknologi Malaysia, Skudai, Johor, Malaysia [email protected]) ABSTRACT: Agile methodology such as Extreme Programming (XP) has gained enough recognition as efficient development process by delivering software fast even under the time constrains. However, like other agile methods including Scrum, Feature Driven Development (FDD), DSDM and, XP has also been criticized because of unavailability of security element in its twelve practices. In order to have a deeper look into the matter and discover more about the reality, we conducted a systematic literature review (SLR) and studied the literature and software solutions between 2000 to 2012. Our findings highlight that the in its current form the XP model partially support integrating Software Security with its twelve practices. Although, there are a few researches on this topics but the detailed information about their usage and outcome is not yet published. Thus we conclude that the existing twelve practices of XP are not enough hence security based practices in XP need to be proposed.