@inproceedings{3c870dd88b78430e948c102988dcea69,
title = "Towards a secure SCRUM process for agile web application development",
abstract = "Agile development such as Scrum and Extreme Programming deliver software in short iterations for quick response to rapid business requirement and market changes. However, established secure software development methodologies are mostly based on linear models such as waterfall and V-model, making them unsuitable for direct application in an agile environment. This paper presents a proposal for integrating security activities into Scrum process for developing secure Web applications. We identify gaps in existing approaches to secure agile development and analyze established security engineering activities. We then adapt these activities and orchestrate them into Scrum development process to achieve both security and agility. Our proposal is evaluated by a Scrum team developing commercial JAVA EE applications in an opinion survey.",
keywords = "Agile development, Secure development lifecycle (sdl), Secure scrum, Web application security",
author = "Patrik Maier and Zhendong Ma and Roderick Bloem",
note = "Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 12th International Conference on Availability, Reliability and Security : ARES 2017 ; Conference date: 29-08-2017 Through 01-09-2017",
year = "2017",
month = aug,
day = "29",
doi = "10.1145/3098954.3103171",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery",
booktitle = "ARES 2017 - Proceedings of the 12th International Conference on Availability, Reliability and Security",
address = "United States",
}