Abstract
The focus on user stories in agile means non-functional requirements, such as security, are not always explicit. This makes it hard for the development team to implement the required functionality in a reliable, secure way. Security checklists can help, but they do not consider the application’s context and are not part of the product backlog. In this paper we explore whether these issues can be addressed by a framework that uses a risk assessment process, a mapping of threats to security features, and a repository of operationalized security features to populate the product backlog with prioritized security requirements. The approach highlights the relevance of each security feature to product owners while ensuring that the knowledge and time required to implement security requirements are made available to developers. We applied and evaluated the framework at a Dutch medium-sized software development company with promising results.
Original language | English |
---|---|
Title of host publication | Information Systems Engineering in Responsible Information Systems |
Subtitle of host publication | CAiSE Forum 2019, Rome, Italy, June 3–7, 2019, Proceedings |
Editors | Cinzia Cappiello, Marcela Ruiz |
Place of Publication | Cham |
Publisher | Springer |
Pages | 133-144 |
Number of pages | 12 |
ISBN (Print) | 9783030212964 |
Publication status | Published - 1 Jan 2019 |
Event | 31st International Conference on Advanced Information Systems Engineering, CAiSE 2019: CAiSE - Rome, Italy; Duration: 3 Jun 2019 → 7 Jun 2019; Conference number: 31 |
Publication series
Name | Lecture Notes in Business Information Processing |
---|---|
Publisher | Springer |
Volume | 350 |
ISSN (Print) | 1865-1348 |
ISSN (Electronic) | 1865-1356 |
Conference
Conference | 31st International Conference on Advanced Information Systems Engineering, CAiSE 2019 |
---|---|
Country/Territory | Italy |
City | Rome |
Period | 3/06/19 → 7/06/19 |
Keywords
- Empirical research method
- Risk assessment
- Secure software development
- Security requirements