Security Engineering and eXtreme Programming: An Impossible Marriage?
2004 (English) Conference paper (Other academic)
Agile methods, such as eXtreme Programming (XP), have been criticised for being inadequate for the development of secure software. In this paper, we analyse XP from a security engineering standpoint, to assess to what extent the method can be used for development of security-critical software. This is done by analysing XP in the light of two security engineering standards: the Systems Security Engineering-Capability Maturity Model (SSE-CMM) and the Common Criteria (CC). The result is that XP is more aligned with security engineering than one might think at first. However, XP also needs to be tailored to better support and to more explicitly deal with security engineering issues. Tailoring XP for secure software development, without removing the agility that is the trademark of agile methods, may be a solution that would make XP more compatible with current security engineering practices.
Identifiers
URN: urn:nbn:se:su:diva-38473
OAI: oai:DiVA.org:su-38473
DiVA: diva2:310347