Security in Agile Development: Pedagogic Lessons from an Undergraduate Software Engineering Case Study

  • J. Todd McDonald
  • Tyler H. Trigg
  • Clifton E. Roberts
  • Blake J. Darden
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 589)


Integrating agile software methodologies can be fraught with risk for many software development organizations, but the potential rewards in terms of productivity, delivered functionality, and overall success rate are promising. Agile integration may be hard in certain organizational structures, but integrating security into such an approach can pose an even greater challenge. Ultimately, academia must do its part to introduce future computing professionals to these large areas of knowledge. In this paper, we consider the issues and problems of introducing secure agile software principles into the undergraduate curriculum. We report observations, results, and pedagogic lessons learned from an empirical study conducted as part of an undergraduate software engineering course. The conclusions and suggestions provide valuable insight for educators and practitioners alike, since both communities often deal with how best to introduce agile and security to new initiates.


Secure software engineering · Agile · SCRUM · Academic case studies



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • J. Todd McDonald (1)
  • Tyler H. Trigg (1)
  • Clifton E. Roberts (1)
  • Blake J. Darden (1)

  1. School of Computing, University of South Alabama, Mobile, USA
