Trustworthy scrum: Development of secure software with scrum

Abstract

Software development process models focus on ordering and combination of phases to develop the intended software product within time and cost estimates. However, commonness of software vulnerabilities in the fielded systems show that there is a need for more stringent software development process that focuses on improved security demands. Meanwhile, there are some reports that demonstrate the efficiency of existing security enhanced conventional processes and success of agile projects over conventional waterfall projects. Based on this finding and the demand for secure software, we propose a security enhanced Scrum model (Trustworthy Scrum) by taking advantages of both security activities and Scrum framework which has fast adaptation and iterative cycle. While enhancing Scrum with security activities, we try to retain agile and security disciplines by considering that conventional security approach conflicts with agile methodologies.