- Author
- Maier, Patrik
- Ma, Zhendong
- Bloem, Roderick
- Title: Towards a Secure SCRUM Process for Agile Web Application Development
- DOI: 10.1145/3098954.3103171
- Licence: CC BY
- ISBN: 978-1-4503-5257-4
- Project identifier
- info:eu-repo/grantAgreement/EC/H2020-ECSEL/692474/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS
- Conference name: Proceedings of the 12th International Conference on Availability, Reliability and Security
- Conference location: Reggio Calabria
- Download statistics: 954
- Peer review: Yes
- Abstract: Agile development such as Scrum and Extreme Programming deliver software in short iterations for quick response to rapid business requirement and market changes. However, established secure software development methodologies are mostly based on linear models such as waterfall and V-model, making them unsuitable for direct application in an agile environment. This paper presents a proposal for integrating security activities into Scrum process for developing secure Web applications. We identify gaps in existing approaches to secure agile development and analyze established security engineering activities. We then adapt these activities and orchestrate them into Scrum development process to achieve both security and agility. Our proposal is evaluated by a Scrum team developing commercial JAVA EE applications in an opinion survey.