Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring
Clemens Teichmann and Stephan Renatus and Jörn Eichler – 2016
Security engineering and agile development are often perceived as a clash of cultures. To address this clash, several approaches have been proposed that allow for agile security engineering. Unfortunately, agile development organizations differ in their actual procedures and environmental properties resulting in varying requirements. The authors propose an approach to compare and select methods for agile security engineering. Furthermore, their approach addresses adaptation or construction of a tailored method taking the existing development culture into account. The authors demonstrate the feasibility of their proposal and report early experiences from its application within a small development organization for digital solutions in the automotive domain.