Security breaches are happening all around us. Software systems have developed to the point that we use and depend upon them daily in the same way that we depend upon traditional infrastructures and utilities such as power, transportation and telecommunications. The value of the sensitive information held in software systems is constantly increasing, and so are the corresponding threats, but the measures that would reduce the resulting vulnerability are not being developed at the same pace. The consequences of this lack of investment in software security can be catastrophic.
Scrum is a de facto standard for software development in Norway, and even though it does not explicitly address security issues, there is great potential for embedding security into an agile approach. Research in the area of software security is characterized by a huge number of methods (all based on waterfall software development), a lack of credible empirical evaluation, and a split between industry practice and academic research. Existing security activities need to be redesigned and scientifically understood before they can be integrated effectively with agile practices.
SoS-Agile will investigate two fundamental challenges: the need for a scientific approach to security research, and the integration of software security with agile software development. Our aim is to understand empirically how software systems can be designed, built, and maintained so that security issues are addressed systematically across an agile development lifecycle. The project thereby seeks to advance software security practice by explicitly addressing software vulnerabilities with empirical approaches: gathering data, analysing those data, and developing new theories for the Science of Security.
SoS-Agile will enhance the scientific excellence of the research in Norway, stimulate new interdisciplinary innovative approaches to improve the security of software systems, and strengthen competitiveness in Norwegian industry, promoting Norway as a cutting-edge research and innovation nation in secure software development.
The principal objective of the project is to develop a research-based model of security engineering for agile software development through Science of Security.
Sub-goals:
1. Establish an empirical foundation for agile development of secure software by applying and validating security engineering approaches in industrial case studies
2. Develop new theory to explain the fundamental mechanisms of science of security in agile development
3. Develop and apply innovative approaches and tools for improving security in agile development
4. Increase the maturity of software security practices in Norwegian public and private software organizations
5. Enhance the quality and capacity of Norwegian research through university courses and the education of a skilled workforce of PhD candidates, postdocs and master's students in the area
6. Disseminate new knowledge and approaches to the international research community by publishing in the leading internationally recognized scientific journals and conferences