More Web Proxy on the site http://driver.im/

short-paper

ScrumS: a model for safe agile development

Authors:

Rene Esteves Maria,

Luiz Antonio Rodrigues, Jr,

Nelson Alves PintoAuthors Info & Claims

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

Pages 43 - 47

https://doi.org/10.1145/2857218.2857225

Published: 25 October 2015 Publication History

Abstract

The utilization of the Scrum method for software development offers major benefits to its users, such as the process acceleration and resources to deal with the instability of technological environments. Fast customer feedback and support for volatile requirement results in a higher product value, however it hinders the team in dealing appropriately with a critical aspect of every system, which is the information security. Whereas attacks have become more sophisticated that even simpler systems can be potential targets, so it is essential to treat software security within the agile method itself, in order to make it part of the process. Aiming to improve system's quality, reliability, and security, this work proposes an accessory to the Scrum agile method named ScrumS, which adds specific security techniques for a risk analysis project.

References

[1]

Version One. State of Agile Survey: The State of Agile Development. Version One, 2010.

[2]

Schwaber, K. Agile Project Management with SCRUM. Microsoft Press, 2004.

Digital Library

[3]

Azham, Z., Ghani, I., and Ithnin, N. Security Backlog in Scrum Security Practices. Software Engineering (MySEC), Johor Bahru, 2011. DOI=10.1109/MySEC.2011.6140708

[4]

Schneier, B. Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, New York, 2000.

Digital Library

[5]

Pinto, N. A. A Process Model for Security Tests Using a Risk Oriented Approach. Brazilian Aeronautics Institute of Technology, Sao Jose dos Campos, Brazil, 2008.

[6]

Viega, J., and McGraw, G. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley Professional, 2001.

Digital Library

[7]

Stoneburner G., Goguen A., and Feringa, A. Risk Management Guide for Information Technology Systems. National Institute of Standards & Technology, Gaithersburg, 2002.

[8]

Mougouei, D. et. al. S-Scrum: a Secure Methodology for Agile Development of Web Services. World of Computer Science and Information Technology Journal (WCSIT), 3 (1), 2013, 15--19.

[9]

McGraw, G. Software Security. Security & Privacy, IEEE, 2 (2), 2004, 80--83. DOI=10.1109/MSECP.2004.1281254

Digital Library

[10]

Highsmith, J. Agile Project Management: Creating Innovative Products. Addison-Wesley Professional, 2009, 432.

Digital Library

[11]

Pfleeger, C., and Pfleeger S. Security in Computing. Prentice Hall Professional Technical Reference, 2002.

Digital Library

[12]

Phan, A. and Phan, P. Scrum in Action: Agile Software Project Management and Development. Novatec, 2011, 287.

Digital Library

[13]

Levin, T. et al. Design Principles and Guidelines for Security. Secure Core, 2007.

[14]

Brazilian Ministry of Education. Instrumento de Avaliacao de Cursos de Graduacao Presencial e a Distancia. Inped.gov.br, 2012. http://download.inep.gov.br/educacao_superior/avaliacao_cursos_graduacao/instrumentos/2012/instrumento_com_alteracoes_maio_12.pdf.

[15]

Firesmith, D. Security Use Cases. Journal of Objetct Technology, 2 (3), 2003, 53--6

Cited By

Marchesi LMarchesi MTonelli R(2025)A survey on Cryptoagility and Agile Practices in the light of quantum resistanceInformation and Software Technology10.1016/j.infsof.2024.107604178(107604)Online publication date: Feb-2025
https://doi.org/10.1016/j.infsof.2024.107604
Selva-Mora AQuesada-López C(2024)Security Practices in Agile Software Development: A Mapping StudyProceedings of the 7th ACM/IEEE International Workshop on Software-intensive Business10.1145/3643690.3648241(56-63)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643690.3648241
Vera TPereira-Vale APerovich DOchoa SMarques M(2024)Making Explicit the Problem and Context to Address in Project-Based Software Engineering CoursesHuman Interface and the Management of Information10.1007/978-3-031-60125-5_26(382-396)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-60125-5_26
Show More Cited By

Recommendations

Student scrums (abstract only)
SIGCSE '12: Proceedings of the 43rd ACM technical symposium on Computer Science Education

Over the past ten years Agile software development practices have grown in acceptance and have gained a solid foothold in commercial software development. Our students are entering the workforce with an increasing percentage of companies that are using ...
Challenges Faced While Simultaneously Implementing CMMI and Scrum: A Case Study in the Tax Preparation Software Industry
ITNG '12: Proceedings of the 2012 Ninth International Conference on Information Technology - New Generations

CMMI certification is a major accomplishment for a software organization, and is often required for an organization to stay competitive. This work is a case study of the challenges faced by a growing tax preparation software company during its attempt ...
The agile requirements refinery: Applying SCRUM principles to software product management

Context: Although agile software development methods such as SCRUM and DSDM are gaining popularity, the consequences of applying agile principles to software product management have received little attention until now. Objective: In this paper, this gap ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

MEDES '15: Proceedings of the 7th International Conference on Management of computational and collective intElligence in Digital EcoSystems

October 2015

271 pages

ISBN:9781450334808

DOI:10.1145/2857218

Copyright © 2015 ACM.

© 2015 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Sponsors

The French Chapter of ACM Special Interest Group on Applied Computing
IFSP: Federal Institute of São Paulo

In-Cooperation

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

MEDES '15

Sponsor:

IFSP

MEDES '15: The 7th International Conference on Management of computational and collective IntElligence in Digital EcoSystems

October 25 - 29, 2015

Caraguatatuba, Brazil

Acceptance Rates

MEDES '15 Paper Acceptance Rate 13 of 64 submissions, 20%;

Overall Acceptance Rate 267 of 682 submissions, 39%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
807
Total Downloads

Downloads (Last 12 months)34
Downloads (Last 6 weeks)7

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Marchesi LMarchesi MTonelli R(2025)A survey on Cryptoagility and Agile Practices in the light of quantum resistanceInformation and Software Technology10.1016/j.infsof.2024.107604178(107604)Online publication date: Feb-2025
https://doi.org/10.1016/j.infsof.2024.107604
Selva-Mora AQuesada-López C(2024)Security Practices in Agile Software Development: A Mapping StudyProceedings of the 7th ACM/IEEE International Workshop on Software-intensive Business10.1145/3643690.3648241(56-63)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643690.3648241
Vera TPereira-Vale APerovich DOchoa SMarques M(2024)Making Explicit the Problem and Context to Address in Project-Based Software Engineering CoursesHuman Interface and the Management of Information10.1007/978-3-031-60125-5_26(382-396)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-60125-5_26
Mihelič AVrhovec SHovelja T(2023)Agile Development of Secure Software for Small and Medium-Sized EnterprisesSustainability10.3390/su1501080115:1(801)Online publication date: 2-Jan-2023
https://doi.org/10.3390/su15010801
Mihelič AHovelja TVrhovec S(2023)Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical ClusteringApplied Sciences10.3390/app1307456313:7(4563)Online publication date: 4-Apr-2023
https://doi.org/10.3390/app13074563
Behutiye WRodriguez POivo M(2022)Quality Requirement Documentation Guidelines for Agile Software DevelopmentIEEE Access10.1109/ACCESS.2022.318710610(70154-70173)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3187106
Garcia LOliveiraJr EMorandini M(2022)Tailoring the Scrum framework for software developmentInformation and Software Technology10.1016/j.infsof.2021.106814146:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.infsof.2021.106814
Jabangwe RKuusinen KRiisom KHubel MAlradhi HNielsen N(2021)Challenges and Solutions for Addressing Software Security in Agile Software DevelopmentResearch Anthology on Recent Trends, Tools, and Implications of Computer Programming10.4018/978-1-7998-3016-0.ch085(1875-1888)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-3016-0.ch085
Yee G(2019)Attack Surface Identification and Reduction Model Applied in Scrum2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)10.1109/CyberSecPODS.2019.8884956(1-8)Online publication date: Jun-2019
https://doi.org/10.1109/CyberSecPODS.2019.8884956
Jabangwe RKuusinen KRiisom KHubel MAlradhi HNielsen N(2018)Challenges and Solutions for Addressing Software Security in Agile Software DevelopmentInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.20180101019:1(1-17)Online publication date: Jan-2018
https://doi.org/10.4018/IJSSSP.2018010101

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents