Playing Protection Poker for Practical Software Security

Jaatun, Martin Gilje; Tøndel, Inger Anne

doi:10.1007/978-3-319-49094-6_55

Martin Gilje Jaatun¹⁹ &
Inger Anne Tøndel¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10027))

Included in the following conference series:

International Conference on Product-Focused Software Process Improvement

5086 Accesses
2 Citations

Abstract

Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe Protection Poker, a tool for risk estimation to be used as part of the iteration planning meeting, and discuss some preliminary experiences.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
e.g., a “sprint” in Scrum.
2.
http://www.sintef.no/protection-poker.
3.
http://collaboration.csc.ncsu.edu/laurie/Security/ProtectionPoker/.

References

Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security game. IEEE Secur. Priv. 8(3), 14–20 (2010)
Article Google Scholar
Grenning, J.: Planning poker or how to avoid analysis paralysis while release planning. Hawthorn Woods: Renaissance Softw. Consult. 3, 1–3 (2002)
Google Scholar
Moløkken-Østvold, K., Haugen, N.C., Benestad, H.C.: Using planning poker for combining expert estimates in software projects. J. Syst. Softw. 81(12), 2106–2117 (2008). Best papers from the 2007 Australian Software Engineering Conference (ASWEC 2007), Melbourne, Australia, 10–13 April 2007
Article Google Scholar

Download references

Acknowledgment

This work was supported by the SoS-Agile: Science of Security in Agile Software Development project, funded by the Research Council of Norway, grant number 247678.

Author information

Authors and Affiliations

Department of Software Engineering, Safety and Security, SINTEF ICT, 7465, Trondheim, Norway
Martin Gilje Jaatun & Inger Anne Tøndel

Authors

Martin Gilje Jaatun
View author publications
You can also search for this author in PubMed Google Scholar
Inger Anne Tøndel
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Gilje Jaatun .

Editor information

Editors and Affiliations

Norwegian University of Science and Technology, Trondheim, Norway
Pekka Abrahamsson
Fraunhofer Institute for Experimental Software Engineering, Kaiserslautern, Germany
Andreas Jedlitschka
and Technology, Norwegian University of Science and Technology, Trondheim, Norway
Anh Nguyen Duc
University of Innsbruck, Innsbruck, Austria
Michael Felderer
Okayama Prefectural University, Soja, Japan
Sousuke Amasaki
Tampere University of Technology, Tampere, Finland
Tommi Mikkonen

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Jaatun, M.G., Tøndel, I.A. (2016). Playing Protection Poker for Practical Software Security. In: Abrahamsson, P., Jedlitschka, A., Nguyen Duc, A., Felderer, M., Amasaki, S., Mikkonen, T. (eds) Product-Focused Software Process Improvement. PROFES 2016. Lecture Notes in Computer Science(), vol 10027. Springer, Cham. https://doi.org/10.1007/978-3-319-49094-6_55

Download citation

DOI: https://doi.org/10.1007/978-3-319-49094-6_55
Published: 06 November 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49093-9
Online ISBN: 978-3-319-49094-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics