Towards a delegation-type secure software development method

Abstract

Agile methods are becoming increasingly popular and compared to traditional methods offer higher adaptability, quicker response to changing requirements and more efficient customer-developer collaboration throughout the entire software development process. However, they may not be the best way for achieving satisfactory security of the developed software due to their focus on the functional requirements. To address this issue, we developed a novel approach for achieving secure software with agile methods without adding unnecessary complexity or rigidity which is a key drawback of existing approaches eroding the agility. The proposed approach builds on delegation of responsibility for security, generic security user stories, and game of votes.