Abstract
Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe Protection Poker, a tool for risk estimation to be used as part of the iteration planning meeting, and discuss some preliminary experiences.
Notes
- 1. e.g., a “sprint” in Scrum.
References
Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security game. IEEE Secur. Priv. 8(3), 14–20 (2010)
Grenning, J.: Planning poker or how to avoid analysis paralysis while release planning. Hawthorn Woods: Renaissance Softw. Consult. 3, 1–3 (2002)
Moløkken-Østvold, K., Haugen, N.C., Benestad, H.C.: Using planning poker for combining expert estimates in software projects. J. Syst. Softw. 81(12), 2106–2117 (2008). Best papers from the 2007 Australian Software Engineering Conference (ASWEC 2007), Melbourne, Australia, 10–13 April 2007
Acknowledgment
This work was supported by the SoS-Agile: Science of Security in Agile Software Development project, funded by the Research Council of Norway, grant number 247678.
© 2016 Springer International Publishing AG
Cite this paper
Jaatun, M.G., Tøndel, I.A. (2016). Playing Protection Poker for Practical Software Security. In: Abrahamsson, P., Jedlitschka, A., Nguyen Duc, A., Felderer, M., Amasaki, S., Mikkonen, T. (eds) Product-Focused Software Process Improvement. PROFES 2016. Lecture Notes in Computer Science, vol 10027. Springer, Cham. https://doi.org/10.1007/978-3-319-49094-6_55
DOI: https://doi.org/10.1007/978-3-319-49094-6_55
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49093-9
Online ISBN: 978-3-319-49094-6
eBook Packages: Computer Science (R0)