Abstract
The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This paper describes how to grow security, organically, within an agile project, by using an incremental security architecture which evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The paper also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and 'top-down' architectures.
Original language | English |
---|---|
Title of host publication | Extreme Programming and Agile Processes in Software Engineering |
Subtitle of host publication | 6th International Conference, XP 2005, Sheffield, UK, June 18-23, 2005, Proceedings |
Editors | Hubert Baumeister, Michele Marchesi, Mike Holcombe |
Publisher | Springer-Verlag Berlin Heidelberg |
Pages | 57-65 |
Number of pages | 9 |
Volume | LNCS 3556 |
Edition | 1 |
ISBN (Electronic) | 9783540314875 |
ISBN (Print) | 9783540262770 |
DOIs | |
Publication status | Published - 2005 |
Externally published | Yes |
Event | The 6th International Conference on Extreme Programming and Agile Processes in Software Engineering - Sheffield, United Kingdom Duration: 18 Jun 2005 → 23 Jun 2005 Conference number: 6 https://dl.acm.org/doi/10.1007/11499053_39 |
Publication series
Name | Lecture Notes in Computer Science (Programming and Software Engineering) |
---|---|
Publisher | Springer |
Volume | 3556 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | The 6th International Conference on Extreme Programming and Agile Processes in Software Engineering |
---|---|
Abbreviated title | XP 2005 |
Country/Territory | United Kingdom |
City | Sheffield |
Period | 18/06/05 → 23/06/05 |
Internet address |