Agile Security Requirements Engineering
نویسنده
چکیده
Agile processes have been deemed unsuitable for security sensitive software development as the rigors of assurance are seen to conflict with the lightweight and informal nature of agile processes. However, such apparently conflicting demands may be reconciled by introducing the new notion of abuser stories in the requirements domain. These extend the wellestablished concept of user stories to achieve security requirements traceability and thus open the door to excellent security assurance, precisely because of their informal and lightweight nature.
منابع مشابه
Analysing Security and Software Requirements using Multi-Layered Iterative Model
Nowadays, security is of great concern for any organization developing software systems for various requirements. Moreover, the same becomes more complicated during integration of security measures with agile software development methodology due to its lightweight informal nature. The requirements engineering is considered as one of the key element associated with any software development proce...
متن کاملOrganisational security requirements: An agile approach to Ubiquitous Information Security
This paper proposes to address the need for more innovation in organisational information security by adding a security requirement engineering focus. Based on the belief that any heavyweight security requirements process in organisational security will be doomed to fail, we developed a security requirement approach with three dimensions. The use of a simple security requirements process in the...
متن کاملAn Integrated Framework for Security Enhancement in Agile Development using Fuzzy Logic
Agile methods are widely employed to develop high-quality software, but theoretical analyses argue that agile methods are inadequate for security-critical projects. However, most agiledeveloped software today needs to satisfy baseline security requirements, so that we need to focus on how to achieve this level for typical agile projects. Software grows up through its life cycle, so software dev...
متن کاملA Characterization of Negative User Stories
In the context of an agile project, negative interactions are addressed by equipping the ‘conventional’ positive user story engineering process with a number of conceptual models, including those for negative user story and negative role. The challenges inherent in eliciting negative uses, negative roles, and negative user stories are highlighted. The cost of engineering negative user stories i...
متن کاملTowards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place a...
متن کامل