Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 10446)

Abstract

The paper introduces the AgileSafe method of selecting agile practices for software development projects that are constrained by assurance requirements resulting from safety and/or security related standards. Such requirements are represented by argumentation templates which explain how the evidence collected during agile practices implementation will support the conformity with the requirements. Application of the method is demonstrated by referring to a case study of development of a medical domain related application that is supposed to meet the requirements imposed by the IEC 62443-4.1 standard.

Corresponding author

Correspondence to Katarzyna Łukasiewicz.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Górski, J., Łukasiewicz, K. (2017). Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds) Computer Network Security. MMM-ACNS 2017. Lecture Notes in Computer Science, vol 10446. Springer, Cham. https://doi.org/10.1007/978-3-319-65127-9_1

  • DOI: https://doi.org/10.1007/978-3-319-65127-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65126-2

  • Online ISBN: 978-3-319-65127-9

  • eBook Packages: Computer Science, Computer Science (R0)
