Security Based SCRUM Process (SBSCRUM) For Secure Agile Development
DOI: https://doi.org/10.21015/vtse.v12i3.1893
Abstract
This study presents an integrated approach for considering security during agile development. A security-based SCRUM process (SBSCRUM) is introduced that takes advantage of the security patterns published by security experts, each of which contains the solution for a security threat. In the proposed security-based SCRUM process, the SCRUM team is responsible for identifying the expected security threats to the system: all expected threats are modelled using misuse case diagrams, the modelled threats are then mitigated using security patterns, which provide detailed solutions for mitigating them, and at the final stage security testing is performed to ensure that every identified security threat has been mitigated by a security pattern. SBSCRUM is evaluated through the case studies in this paper. SBSCRUM will enable software developers to develop secure software using agile development methods, which has been lacking in the past.
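The three stages the abstract describes (misuse cases identify threats, security patterns mitigate them, security tests confirm the mitigation) form a traceability chain that a SCRUM team can check at the end of every sprint. The following is an added illustration, not code from the paper or its authors: a small checker that models a sprint backlog of misuse cases, the patterns assigned to them and the test results, and reports which threats are still unmitigated or unverified. The misuse-case ids, the pattern names and the sample backlog are constructed for the example, and the function names are assumptions of this illustration, not terminology from the paper.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class MisuseCase:
    """One threat identified in the sprint's misuse case diagram."""
    id: str
    description: str
    asset: str


@dataclass(frozen=True)
class SecurityPattern:
    """A security pattern assigned to mitigate one or more misuse cases."""
    name: str
    mitigates: FrozenSet[str]  # misuse-case ids


@dataclass(frozen=True)
class SecurityTest:
    """A security test that verifies the mitigation of one misuse case."""
    name: str
    verifies: str  # misuse-case id
    passed: bool


def dangling_references(misuse_cases, patterns, tests) -> List[str]:
    """Ids referenced by a pattern or test that are not in the misuse case model."""
    known = {m.id for m in misuse_cases}
    referenced = {t.verifies for t in tests}
    for p in patterns:
        referenced |= set(p.mitigates)
    return sorted(referenced - known)


def unmitigated(misuse_cases, patterns) -> List[str]:
    """Misuse cases with no security pattern assigned to them."""
    covered = set()
    for p in patterns:
        covered |= set(p.mitigates)
    return sorted(m.id for m in misuse_cases if m.id not in covered)


def unverified(misuse_cases, tests) -> List[str]:
    """Misuse cases with no passing security test (missing or failing)."""
    passing = {t.verifies for t in tests if t.passed}
    return sorted(m.id for m in misuse_cases if m.id not in passing)


def sprint_security_report(misuse_cases, patterns, tests) -> Dict[str, List[str]]:
    """Traceability report: each threat must be mitigated AND verified to count as done."""
    open_ids = set(unmitigated(misuse_cases, patterns)) | set(unverified(misuse_cases, tests))
    return {
        "dangling": dangling_references(misuse_cases, patterns, tests),
        "unmitigated": unmitigated(misuse_cases, patterns),
        "unverified": unverified(misuse_cases, tests),
        "done": sorted(m.id for m in misuse_cases if m.id not in open_ids),
    }


def sprint_is_secure(misuse_cases, patterns, tests) -> bool:
    """Definition of done for the sprint's security work: nothing open, nothing dangling."""
    report = sprint_security_report(misuse_cases, patterns, tests)
    return not (report["dangling"] or report["unmitigated"] or report["unverified"])


# Constructed sample backlog (not from the paper's case studies).
MISUSE_CASES = [
    MisuseCase("MU-1", "Attacker submits crafted input to the login form", "user database"),
    MisuseCase("MU-2", "Attacker replays a captured session token", "user session"),
    MisuseCase("MU-3", "Attacker guesses passwords by repeated login attempts", "user account"),
]
PATTERNS = [
    SecurityPattern("Input Validation", frozenset({"MU-1"})),
    SecurityPattern("Secure Session", frozenset({"MU-2"})),
    # MU-3 has been modelled but no pattern has been assigned yet.
]
TESTS = [
    SecurityTest("login rejects malformed input", verifies="MU-1", passed=True),
    SecurityTest("expired token is refused", verifies="MU-2", passed=False),
]

if __name__ == "__main__":
    for key, ids in sprint_security_report(MISUSE_CASES, PATTERNS, TESTS).items():
        print(f"{key:12s} {ids}")
    print("sprint secure:", sprint_is_secure(MISUSE_CASES, PATTERNS, TESTS))
```

On the sample backlog the report marks MU-1 as done, MU-2 as mitigated but unverified (its test fails) and MU-3 as unmitigated, so the sprint is not secure by this definition of done; the `dangling` list catches patterns or tests that point at a misuse case that was never modelled, which is the usual way a traceability chain quietly breaks when diagrams and backlog drift apart.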
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-By) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This work is licensed under a Creative Commons Attribution License CC BY