将安全性融入敏捷软件开发

Int. J. Syst. Softw. Secur. Prot. Pub Date : 1900-01-01 DOI:10.4018/IJSSSP.2018010103

Kalle Rindell, S. Hyrynsalmi, V. Leppänen

{"title":"将安全性融入敏捷软件开发","authors":"Kalle Rindell, S. Hyrynsalmi, V. Leppänen","doi":"10.4018/IJSSSP.2018010103","DOIUrl":null,"url":null,"abstract":"Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.","PeriodicalId":135841,"journal":{"name":"Int. J. Syst. Softw. Secur. Prot.","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Fitting Security into Agile Software Development\",\"authors\":\"Kalle Rindell, S. Hyrynsalmi, V. Leppänen\",\"doi\":\"10.4018/IJSSSP.2018010103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.\",\"PeriodicalId\":135841,\"journal\":{\"name\":\"Int. J. Syst. Softw. Secur. Prot.\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Syst. Softw. Secur. Prot.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSSP.2018010103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Syst. Softw. Secur. Prot.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSSP.2018010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

软件开发中的安全目标与业务目标越来越趋同，因为对隐私的需求和安全事件的成本要求更可靠的软件产品。安全软件的开发是通过使用特定的安全工程活动来扩展软件开发过程来完成的。与迭代和增量的软件开发过程相比，安全工程的特点是连续的生命周期模型:因此，安全目标是通过冲突的方法来实现的。在本研究中，为了识别方法之间的不兼容性，将Microsoft SDL、ISO通用标准和OWASP SAMM安全工程模型中的安全工程活动映射到常见的敏捷软件开发过程、实践和工件中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Fitting Security into Agile Software Development

Security objectives in software development are increasingly convergent with the business objectives, as requirements for privacy and the cost of security incidents call for more dependable software products. The development of secure software is accomplished by augmenting the software development process with specific security engineering activities. Security engineering, in contrast to the iterative and incremental software development processes, is characterized by sequential life cycle models: the security objectives are thus to be achieved by conflicting approaches. In this study, to identify the incompatibilities between the approaches, the security engineering activities from Microsoft SDL, the ISO Common Criteria and OWASP SAMM security engineering models are mapped into common agile software development processes, practices and artifacts.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Syst. Softw. Secur. Prot.

自引率

0.00%

发文量

期刊最新文献

A Light Weight Temper Resistance Client File in an External Memory for Remote User Authentication and Access Control Proposed Secure 3-Use Case Diagram A Novel Iterated Function System-Based Model for Coloured Image Encryption Formal Metamodeling for Secure Model-Driven Engineering Cloud Computing Virtual Machine Workload Prediction Method Based on Variational Autoencoder