Agile Security Requirements: A master study into their application
MetadataShow full item record
Agile is the contemporary development practice of choice but security has been claimed as a challenge for it. This thesis investigates whether agile methods can be used for security-critical software and if the reason why the majority of Norwegian companies deviate from the agile methodology in their development is linked to security, by looking at the security requirements. A questionnaire and interviews of Norwegian companies were undertaken, and while the questionnaire did not yield any results the data from the interview indicate that the reasons for not conforming to the methodology appear to be related to security work and assurance. Agile is implied by the limited sample size to not only be useable for security-critical software but may be the best option in projects with uncertainty to the system and changing security requirements.