Log In Sign Up

How to Integrate Security Compliance Requirements with Agile Software Engineering at Scale?

by   Fabiola Moyón, et al.

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: An extension of the Scaled Agile Framework that is compliant to the security standard IEC 62443-4-1 for secure product development. In this paper, we present the framework and its evaluation by agile and security experts within Siemens' large-scale project ecosystem. We discuss benefits and limitations as well as challenges from a practitioners' perspective. Our results indicate that contributes to successfully integrating security compliance with lean and agile development in regulated environments. We also hope to raise awareness for the importance and challenges of integrating security in the scope of Continuous Software Engineering.


page 6

page 10


Challenges of Scaled Agile for Safety-Critical Systems

Automotive companies increasingly adopt scaled agile methods to allow th...

Compliance Requirements in Large-Scale Software Development: An Industrial Case Study

Regulatory compliance is a well-studied area, including research on how ...

An Approach for Reviewing Security-Related Aspects in Agile Requirements Specifications of Web Applications

Defects in requirements specifications can have severe consequences duri...

Using DevOps Toolchains in Agile Model-Driven Engineering

For Model-Driven Engineering (MDE) to become Agile, it is has to be usab...

Integrating User Experience into Agile – An Experience Report on Lean UX and Scrum

The integration of Agile development and user experience (UX) has receiv...

Achieving CMMI Level 2 with Enhanced Extreme Programming Approach

The relationship between agile methods and Software Engineering Institut...