The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.