Selection of Security Activities for Integration with Agile Methods after Combining Their Agility and Effectiveness.

Nowadays security concerns are central in software engineering. Moreover, the idea of incorporating security in agile software development has always been difficult because most of the security activities conflict with the agile principles. Agile development methodologies promise simple and iterative development with minimal documentation and a solution to rapidly changing environment. However, security techniques are complex and require too much documentation thus not suited for agile methods. The goal of this paper is to select those security activities which are best to integrate with agile methods. This selection is based on two distinct measures, effectiveness and agility degree of security activities. The former indicates that the considered security activity will produce the intended result and ultimately reflects its impression in achieving security of software system. The latter refers to the flexible and low-cost ability of the security activity in providing effective responses to unpredictable changes. The challenge is to find the right mix of above said two measures according to project’s need. This has been accomplished in the proposed approach, CEASA (Combining Effectiveness and Agility of Security Activity), by using a weighted decision theory.