Getting Students to Think About How Agile Processes can be Made More Secure

Abstract

Agile processes play an important role in the authorpsilas undergraduate course in software engineering. The course is a required course for undergraduate majors in Computer Science. Agile processes, like eXtreme Programming (XP), have been criticized for not providing a good framework for building secure software. The course begins by covering what some people have called ldquothe warrdquo between the traditional waterfall process folks and the agile process folks. After students are given an introduction to various processes on both sides of ldquothe warrdquo (with an emphasis on PSP, CMMI and XP) and after students are introduced to basic concepts about how to make software systems more secure (drawing heavily on Viega and McGrawpsilas book Building Secure Software), the course turns its attention to how XP (in particular) can be made more secure. This topic generates a lot of enthusiasm among the students. The students seem to enjoy the challenge of creating new ideas to improve the manner in which XP addresses security issues. Students have come up with many creative and stimulating ideas about how eXtreme Programming can be made more secure without the necessity for what some have called ldquobig up front designrdquo. This paper presents some of the creative ideas students have come up with regarding this issue and discusses the team projects that give students the opportunity to explore security issues for agile processes in some depth.