Welcome to the InfoSci Platform
Agile Software Development: The Straight and Narrow Path to Secure Software?

Agile Software Development: The Straight and Narrow Path to Secure Software?

Torstein Nicolaysen, Richard Sassoon, Maria B. Line, Martin Gilje Jaatun
Copyright: © 2012 |Pages: 15
ISBN13: 9781466615809|ISBN10: 146661580X|EISBN13: 9781466615816
DOI: 10.4018/978-1-4666-1580-9.ch001
Cite Chapter Cite Chapter

MLA

Nicolaysen, Torstein, et al. "Agile Software Development: The Straight and Narrow Path to Secure Software?." Security-Aware Systems Applications and Software Development Methods, edited by Khaled M. Khan, IGI Global, 2012, pp. 1-15. https://doi.org/10.4018/978-1-4666-1580-9.ch001

APA

Nicolaysen, T., Sassoon, R., Line, M. B., & Jaatun, M. G. (2012). Agile Software Development: The Straight and Narrow Path to Secure Software?. In K. Khan (Ed.), Security-Aware Systems Applications and Software Development Methods (pp. 1-15). IGI Global. https://doi.org/10.4018/978-1-4666-1580-9.ch001

Chicago

Nicolaysen, Torstein, et al. "Agile Software Development: The Straight and Narrow Path to Secure Software?." In Security-Aware Systems Applications and Software Development Methods, edited by Khaled M. Khan, 1-15. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-4666-1580-9.ch001

Export Reference

Mendeley
Favorite

Abstract

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care of in an agile context. The interviews indicate that small and medium-sized agile software development organizations do not use any particular methodology to achieve security goals, even when their software is web-facing and potential targets of attack. This case study confirms that even in cases where security is an articulated requirement, and where security design is fed as input to the implementation team, there is no guarantee that the end result meets the security objectives. The authors contend that security must be built as an intrinsic software property and emphasize the need for security awareness throughout the whole software development lifecycle. This paper suggests two extensions to agile methodologies that may contribute to ensuring focus on security during the complete lifecycle.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.