Towards Risk-Driven Security Requirements Management in Agile Software Development.
Lecture Notes in Business Information Processing (2019)
Abstract
The focus on user stories in agile means non-functional requirements, such as security, are not always explicit. This makes it hard for the development team to implement the required functionality in a reliable, secure way. Security checklists can help but they do not consider the application's context and are not part of the product backlog. In this paper we explore whether these issues can be addressed by a framework which uses a risk assessment process, a mapping of threats to security features, and a repository of operationalized security features to populate the product backlog with prioritized security requirements. The approach highlights the relevance of each security feature to product owners while ensuring the knowledge and time required to implement security requirements is made available to developers. We applied and evaluated the framework at a Dutch medium-sized software development company with promising results.
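As an added illustration of the pipeline the abstract describes (risk assessment, threat-to-feature mapping, repository of operationalized features, prioritized backlog), here is example code that is not part of the paper; the scoring scale, threat names, mapping and repository entries are all constructed assumptions, not the authors' artifacts.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    likelihood: int  # assumed 1 (rare) .. 5 (almost certain)
    impact: int      # assumed 1 (negligible) .. 5 (severe)

    @property
    def risk(self) -> int:
        # Simple likelihood x impact score (an assumption, not the paper's method)
        return self.likelihood * self.impact

# Constructed threat-to-feature mapping: which security features mitigate which threat.
THREAT_TO_FEATURES = {
    "credential stuffing": ["rate limiting", "multi-factor authentication"],
    "session hijacking": ["secure cookie flags", "session rotation on login"],
    "SQL injection": ["parameterized queries"],
}

# Constructed repository of operationalized features: story text plus concrete tasks
# that give developers the knowledge needed to implement the requirement.
FEATURE_REPOSITORY = {
    "rate limiting": ("Login attempts are throttled per account", ["Add attempt counter", "Alert on breach"]),
    "multi-factor authentication": ("Users can enrol a second factor", ["Add TOTP enrolment", "Require MFA on risky login"]),
    "secure cookie flags": ("Session cookies are Secure, HttpOnly, SameSite", ["Set flags in session middleware"]),
    "parameterized queries": ("All DB access uses bound parameters", ["Replace string-built SQL", "Add lint rule"]),
}

# Constructed sample risk assessment output for one product context.
SAMPLE_THREATS = [Threat("credential stuffing", 4, 4), Threat("session hijacking", 2, 5), Threat("SQL injection", 3, 5)]

def build_backlog(threats, mapping=THREAT_TO_FEATURES, repository=FEATURE_REPOSITORY):
    """Return backlog items sorted by descending risk, each carrying the threats that justify it.
    A feature missing from the repository is still listed but flagged as needing operationalization."""
    items = {}
    for t in threats:
        for feature in mapping.get(t.name, []):
            entry = items.setdefault(feature, {"feature": feature, "risk": 0, "threats": []})
            entry["risk"] = max(entry["risk"], t.risk)   # highest driving threat sets priority
            entry["threats"].append(t.name)
    for entry in items.values():
        story, tasks = repository.get(entry["feature"], ("NEEDS OPERATIONALIZATION", []))
        entry["story"], entry["tasks"] = story, tasks
    return sorted(items.values(), key=lambda e: (-e["risk"], e["feature"]))

if __name__ == "__main__":
    for item in build_backlog(SAMPLE_THREATS):
        print(f'[{item["risk"]:>2}] {item["feature"]}: {item["story"]} <- {", ".join(item["threats"])}')
```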
Keywords
Secure software development, Security requirements, Risk assessment, Empirical research method