Peter John A. Francisco, Department of Computer Science, University of the Philippines, Quezon City, Philippines
Many approaches have been proposed to integrate security activities into agile software development methodologies. These studies did not seem to have made the jump into practice, however, since, per our experience, most software development teams are not familiar with the range of methods developed for this purpose. This knowledge gap makes the task especially difficult for agile project managers and security specialists attempting to achieve the delicate balance of agility and security for the first time. In this study, we surveyed proposed methods available in the current literature for integrating security activities into agile software engineering. From 11 proposed secure agile methods published between 2004 and 2017, we extracted 5 insights which practitioners in agile software development and security engineering can use to jointly embed security into their software development flows more effectively. We then used the insights in a retrospective case study of a software engineering project in a fintech startup company, a high-risk industry in terms of security, and concluded that prior knowledge of the insights would have addressed major challenges in their security integration task.
Agile Process, Software Engineering, Security, Survey