Project Description

Project Description

As technology becomes a more integral part of daily life, consumers are beginning to become more concerned with having assurance that the software they use is secure enough to be entrusted with their personal information. Thus, the responsibility lies on the developers to produce applications that can be trusted by the users. This trust encompasses such aspects as security, reliability, integrity and privacy. As such, developers are now recognizing the need to integrate security into the software development life-cycle. There are different methodologies of software engineering, though, such as the Waterfall Model and Extreme Programming (XP), and one question that has arisen is the effectiveness of different techniques in meeting the specified security requirements. The prevailing theory is that security should be a structured part of each phase of the development cycle. The question then becomes, will XP, which has traditionally shunned structure, be able to provide empirically secure applications? The project concerns outlining the possibility of "Trusted XP", which would delineate the necessary steps which would need to be taken by developers in order to integrate security into the XP model.

This summer, we will be focusing on security, one of the specific elements of "trust." To this end, we will be developing a survey in order to gather information from customers about their requirements gathering procedures. This survey will provide us with information about current customer security practices and will give us information so that we can guide customers in creating their own security standards, which would be reflected in their product/system requirements. Specifically, we aim to create a taxonomy of security-related requirements that analysts should use to ensure security is considered in their requirements gathering activities. This taxonomy will be useful in gathering requirements in all software development methodologies and will be an important contribution to the "Trusted XP" research project.