Security engineering in an evolutionary acquisition environment
Proceedings of the 1998 workshop on New security paradigms
Adaptive software development: a collaborative approach to managing complex systems
Adaptive software development: a collaborative approach to managing complex systems
Building secure software: how to avoid security problems the right way
Building secure software: how to avoid security problems the right way
Secure systems development based on the common criteria: the PalME project
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Abuse-Case-Based Assurance Arguments
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Static verification and extreme programming
Proceedings of the 2003 annual ACM SIGAda international conference on Ada: the engineering of correct and reliable software for real-time & distributed systems using ada and related technologies
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Bringing security home: a process for developing secure and usable systems
Proceedings of the 2003 workshop on New security paradigms
Risk Analysis in Software Design
IEEE Security and Privacy
Integrating Security into Agile Development Methods
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Towards agile security assurance
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Extreme Programming Explained: Embrace Change (2nd Edition)
Extreme Programming Explained: Embrace Change (2nd Edition)
Does the Common Criteria Paradigm Have a Future?
IEEE Security and Privacy
Agile security using an incremental security architecture
XP'05 Proceedings of the 6th international conference on Extreme Programming and Agile Processes in Software Engineering
Introduction to software engineering for secure systems: SESS06 -- secure by design
Proceedings of the 2006 international workshop on Software engineering for secure systems
Towards Agile Engineering of High-Integrity Systems
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
An automatic approach to aid process integration within a secure software processes family
ICSP'10 Proceedings of the 2010 international conference on New modeling concepts for today's software processes: software process
Agile development with security engineering activities
Proceedings of the 2011 International Conference on Software and Systems Process
Survey and analysis on Security Requirements Engineering
Computers and Electrical Engineering
| Hi-index | 0.00 |
This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer security requirements while maintaining the iterative and rapid feedback-driven nature of XP. More specifically, these steps result in two new security-specific flavours of XP User stories: Abuser stories (threat scenarios) and Security-related User stories (security functionalities). The introduced extensions also aid in formulating security-specific coding and design standards to be used in the project, as well as in understanding the need for supporting specific Security-related User stories by the system. The proposed extensions have been tested in a student project.