Security in Agile Development: Pedagogic Lessons from an Undergraduate Software Engineering Case Study

Cited by: 0
Authors
McDonald, J. Todd [1]
Trigg, Tyler H. [1]
Roberts, Clifton E. [1]
Darden, Blake J. [1]
Affiliations
[1] Univ S Alabama, Sch Comp, Mobile, AL 36688 USA
Source
CYBER SECURITY, CSS 2015 | 2016 / Volume 589
Funding
National Science Foundation (USA);
Keywords
Secure software engineering; Agile; SCRUM; Academic case studies;
DOI
10.1007/978-3-319-28313-5_9
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Integrating agile software methodologies can be fraught with risk for many software development organizations, but the potential rewards in terms of productivity, delivered functionality, and overall success rate are promising. Agile integration may be hard in certain organizational structures, but integrating security into such an approach can pose an even greater challenge. Ultimately, academia must do its part to introduce future computing professionals to these large areas of knowledge. In this paper, we consider the issues and problems of introducing secure agile software principles into undergraduate curriculum. We report observations, results, and pedagogic lessons learned from an empirical study as part of an undergraduate software engineering course. The conclusions and suggestions provide valuable insight for educators and practitioners alike since both communities deal often with how to best introduce agile and security to new initiates.
Pages: 127-141
Number of pages: 15
Related papers
16 in total
  • [1] [Anonymous], 2005, Manifesto for Agile software development
  • [2] [Anonymous], 2006, Software security: building security in
  • [3] Bartsch S., 2011, AV REL SEC ARES 2011, P479, DOI DOI 10.1109/ARES.2011.82
  • [4] Bostrom G., 2006, P INT WORKSH SOFTW E, DOI 1-59593-085-X/06/0005
  • [5] Howard Michael., 2009, 24 deadly sins of software security programming flaws and how to fix them
  • [6] Larman C., 2004, Agile Iterative Development-A Managers Guide, Agile Software Development
  • [7] LeBlanc D, 2002, WRITING SECURE CODE
  • [8] Microsoft Windows Development Center, SDL AG REQ
  • [9] MITRE, Common attack pattern enumeration and classification
  • [10] Moczar L., 2013, WHY AGILE ISNT WORKI