Security engineering and eXtreme programming: An impossible marriage?
2004 (English). In: EXTREME PROGRAMMING AND AGILE METHODS - XP/AGILE UNIVERSE 2004, PROCEEDINGS / [ed] Zannier C, Erdogmus H, Lindstrom L, Berlin: Springer, 2004, 117-128 p. Conference paper (Refereed)
Agile methods, such as eXtreme Programming (XP), have been criticised for being inadequate for the development of secure software. In this paper, we analyse XP from a security engineering standpoint, to assess to what extent the method can be used for development of security-critical software. This is done by analysing XP in the light of two security engineering standards: the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the Common Criteria (CC). The result is that XP is more aligned with security engineering than one might think at first. However, XP also needs to be tailored to better support and to more explicitly deal with security engineering issues. Tailoring XP for secure software development, without removing the agility that is the trademark of agile methods, may be a solution that would make XP more compatible with current security engineering practices.
Place, publisher, year, edition, pages
Berlin: Springer, 2004. 117-128 p.
LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743; 3134
Identifiers: URN: urn:nbn:se:kth:diva-5579; ISI: 000223609400012; ScopusID: 2-s2.0-35048816560; OAI: oai:DiVA.org:kth-5579; DiVA: diva2:9991
4th Conference on Extreme Programming and Agile Methods (XP Agile Universe 2004) Calgary, CANADA, AUG 15-18, 2004
QC 20101109. 2006-04-10, 2006-04-10, 2011-11-01. Bibliographically approved