Extreme Programming Security Practices

  • Xiaocheng Ge
  • Richard F. Paige
  • Fiona Polack
  • Phil Brooke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4536)

Abstract

Current practice suggests that security is considered through all stages of the software development life cycle, and that a risk-based and plan-driven approach is best suited to establish security criteria. Based on experience in applying security practices, this paper proposes two new security practices, security training and a fundamental security architecture, for applying Extreme Programming.

Keywords

Security Requirement, Software Project, User Story, Agile Method, Software Security

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Xiaocheng Ge (1)
  • Richard F. Paige (1)
  • Fiona Polack (1)
  • Phil Brooke (2)
  1. Department of Computer Science, University of York, UK
  2. School of Computing, University of Teesside, UK