文章基本信息

标题：A Security Evaluation Framework for U.K. E-Government Services Agile Software Development
本地全文：下载
作者：Steve Harrison ; Antonis Tzounis ; Leandros Maglaras 等
期刊名称：International Journal of Network Security & Its Applications
印刷版ISSN：0975-2307
电子版ISSN：0974-9330
出版年度：2016
卷号：8
期号：2
页码：51
DOI：10.5121/ijnsa.2016.8204
出版社：Academy & Industry Research Collaboration Center (AIRCC)
摘要：This study examines the traditional approach to software development within the United KingdomGovernment and the accreditation process. Initially we look at the Waterfall methodology that has beenused for several years. We discuss the pros and cons of Waterfall before moving onto the Agile Scrummethodology. Agile has been adopted by the majority of Government digital departments including theGovernment Digital Services. Agile, despite its ability to achieve high rates of productivity organized inshort, flexible, iterations, has faced security professionals’ disbelief when working within the U.K.Government. One of the major issues is that we develop in Agile but the accreditation process is conductedusing Waterfall resulting in delays to go live dates. Taking a brief look into the accreditation process that isused within Government for I.T. systems and applications, we focus on giving the accreditor the assurancethey need when developing new applications and systems. A framework has been produced by utilising theOpen Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS).This framework will allow security and Agile to work side by side and produce secure code.
关键词：Agile programming; OWASP; Waterfall Methodology