1 |
[Agile!=Security, 2012] Agile!=Security, 2012, http://www.rakkhis.com/2011/06/agile-security.html
|
2 |
Azham, Z., Ghani, I., Ithnin, N., "Security Backlog in Scrum Security Practices," 5th MySEC (Malaysian Conference in Software Engineering), 2011.
|
3 |
AAllen J. H., 2008] Allen J. H.,Software Security Engineering: A Guide for Project Manager, In Addison Wesley Professional, 2008.
|
4 |
Sedek K. A., Sulaiman S., and Omar M. A., A systematic literature review of interoperable architecture for e-government portals, Malaysian Conference in Software Engineering, pp. 82-87, 2011.
|
5 |
Spruit M. E. M. and Looijen M., IT security in Dutch practice, Computers and Security, vol. 15, No. 2, pp. 157-170, 1996.
DOI
|
6 |
A Jones., A framework for the management of information security risks, BT Technology ,2007.
|
7 |
Bala Musa.S, Norita Md Norwawi, Mohd Hassan Selamat, Khaironi Yetim Sharif Improved Extreme Programming, IEEE Symposium on Computers & Informatics, 2011.
|
8 |
Ryan Riley, Xuxian Jiang, Dongyan Xu., An Architectural Approach to Preventing Code Injection Attacks, IEEE Transactions On Dependable And Secure Computing, Vol. 7, No. 4, 2010.
|
9 |
Jie Ren, Richard Taylor, Paul Dourish, David Redmiles., Towards An Architectural Treatment of Software Security: A Connector-Centric Approach. Software Engineering for Secure Systems - Building Trustworthy Applications , 2005.
|
10 |
Mohamed El-Attar.,A framework for improving quality in misuse case models, Business Process Management Journal Vol. 18 No. 2, 2012.
|
11 |
Vibhu Saujanya Sharma, Kishor S. Trivedi.,Quantifying software performance, reliability and security:An architecture-based approach, The Journal of Systems and Software 80, p. 493-509, 2007.
DOI
|
12 |
Dieste O., and Juristo N., Systematic review and aggregation of empirical studies on elicitation techniques., IEEE Transactions on Software Engineering, vol. 37, no. 2, pp. 283-304, 2011.
DOI
|
13 |
Azim, A.S., Amir, S.S., Shams, F., "Embedding Architectural Practices into Extreme Programming," 19th Australian Conference on Software Engineering , 310-319, 2008.
|
14 |
Dyba, T., Dingsoyr, T., "Empirical studies of agile software development: A systematic review," Information and Software Technology , pg 833-859, 2008.
|
15 |
Mchugh, O., Conboy, K., Lang, M., "Agile Practices: "The Impact on Trust in Software Project Teams, "Articles on Computer Sciences , 71-76, 2011.
|
16 |
Slaten, K.M., Droujkova, M., Berenson, S.B., Williams, L., Layman, L., "Undergraduate Student Perceptions of Pair Programming and Agile Software Methodologies: Verifying a Model of Social Interaction," Proceedings of the Agile Development Conference, 2005.
|
17 |
Breivold, H.P., Sundmark, D., Wallin, P., Larsson, S., "What Does Research Say About Agile and Architecture," Fifth International Conference on Software Engineering Advances, 32-37, 2011
|
18 |
Salleh N., Mendes E., and Grundy J.,Empirical Studies of Pair Programming for CS/SE Teaching in Higher Education: A Systematic Literature Review, IEEE Transactions on Software Engineering, vol. 37, no. 4, pp. 509-525, 2011.
DOI
|
19 |
Wayrynen, J., Boden, M., Bostrom, G., "Security Engineering and eXtreme Programming: An Impossible Marriage?," Forum on Stockholm University/Royal Institute of Technology, 117-128, 2004.
|
20 |
Richard G. Epstein., "Getting Students to Think About How Agile Processes Can Be Made More Secure," 21st Conference on Software Engineering Education and Training, 2008.
|
21 |
Richard G. Epstein., Getting Students to Think About How Agile Processes Can Be Made More Secure,21st Conference on Software Engineering Education and Training, 2008.
|
22 |
Kitchenham B., Pearl O. B., Budgen D., Turner M., Bailey J., and Linkman S.,Systematic literature reviews in software engineering - A systematic literature review, Information and Software Technology, vol. 51, no. 1, pp. 7-15, 2009
DOI
|
23 |
B. A. Kitchenham et al..,Preliminary guidelines for empirical research in software engineering, IEEE Transactions on Software Engineering, vol. 28, no. 8, pp. 721-734, 2002.
DOI
|
24 |
Jim Q. Chen, Dien Phan, B. Wang, Douglas R. Vogel., Light-Weight Development Method: a Case Study, IEEE,2007.
|
25 |
Ali Inan, Murat Kantarcioglu, Gabriel Ghinita, and Elisa Bertino.,A Hybrid Approach to Private Record Matching, IEEE Transactions On Dependable And Secure Computing, Vol. 9, No. 5, 2012.
|
26 |
Bernhard Hammerli., Financial Services Industry. Critical Information Infrastructure Protection, LNCS 7130, pp. 301-329, 2012.
|
27 |
Donald G. Firesmith, 2010] Donald G. Firesmith., Engineering Safety- and Security-Related Requirements for Software-Intensive Systems: Tutorial Summary, ICSE, 2010.
|
28 |
Amir Mohd Talib,Rodziah Atan, Rusli Abdullah, Masraf Azrifah Azmi Murad., Multi agent system architecture oriented Prometheus methodology design to facilitate security of cloud data storage, Journal of Software Engineering , vol. 5, no. 3, pp. 78-90, 2011.
DOI
|
29 |
Lian Yu1, Shi-Zhong Wu, Tao Guo, Guo-Wei Dong,Cheng-Cheng Wan1, and Yin-Hang Jing., Ontology Model-Based Static Analysis of Security Vulnerabilities, LNCS 7043, pp. 330-344, 2011.
|
30 |
Sam Weber Paul A. Karger Amit Paradkar., A Software Flaw Taxonomy: Aiming Tools At Security.Software Engineering for Secure Systems, Building Trustworthy Applications, 2005.
|
31 |
GOETZ GRAEFE.,Query Evaluation Techniques for Large Databases, ACM Computing Surveys, Vol. 25, No. 2, 1993.
|
32 |
Ross Hytnen and Mario Garcia., AN ANALYSIS OF WIRELESS SECURITY, Consortium for Computing Sciences in Colleges, 2006.
|
33 |
Michael Kainerstorfer et al., 2011] Michael Kainerstorfer, Johannes Sametinger, Andreas Wiesauer., Software Security for Small Development Teams - A Case Study, WAS2011, 2011.
|
34 |
Terrence August and Tunay I. Tuncay, 2011] Terrence August, Tunay I. Tuncay., Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments, Management Science Vol. 57, Issue. 5, INFORMS, pp. 934-959, 2011.
DOI
|
35 |
Zhendong Ma, Christian Wagner, Thomas Bleier., Model-driven security for Web services in e-Government system: ideal and real, IEEE, 2011.
|
36 |
Mikko Siponena, Richard Baskervilleb and Tapio Kuivalainena., Integrating Security into Agile Development Methods, Proceedings of the 38th Hawaii International Conference on System Sciences , 2005.
|
37 |
Zahid Anwar and Roy Campbell., Automated Assessment Of Compliance With Security Best Practices, IFIP International Federation for Information Processing, Volume 290; Critical Infrastructure Protection II, eds. Papa, M., Shenoi, S., Boston, Springer, pp. 173-187, 2008.
|
38 |
Lane A.,Agile Development, Security Fail, RSA Conference Europe, 2011.
|
39 |
Siponen M., Baskerville R. and Kuivalainen T., Integrating Security into Agile Development Methods, Proceedings IEEE 38th Hawaii International Conference on System Sciences, pp. 7695-2268, 2005.
|
40 |
Dejan Baca, Bengt Carlsson.,Agile development with security engineering activities, Proceeding, ICSSP'11 Proceedings of International Conference on Software and Systems Process, 2011.
|
41 |
Gencer Erdogan, Per Hakon Meland, and Derek Mathieson., Security Testing in Agile Web Application Development - A Case Study Using the East Methodology. XP, LNBIP , Springer-Verlag Berlin Heidelberg ,48, pp. 14-27, 2010.
|
42 |
Neugent W.,Teaching Computer Securitv: A Course Outline, Computers and Security, vol. 1, pp. 152-163, 1982.
DOI
|
43 |
Hossein Keramati, Seyed-Hassan Mirian-Hosseinabadi., Integrating Software Development Security Activities with Agile Methodologies, IEEE, 2008.
|
44 |
Min, Liu Qiong-mei, Wang Cheng., Practices of Agile Manufacturing Enterprise Data Security and Software Protection, 2nd International Conference on Industrial Mechatronics and Automation, 2010.
|
45 |
Shore J. andWarden S. 2007.," The Art Of Agile Development", USA O'Reilly, 2007.
|
46 |
Rick Dove., Pattern Qualifications And Examples Of Next-Generation Agile System-Security Strategies, IEEE, 2010.
|
47 |
Steffen Bartsch., Practitioners' Perspectives on Security in Agile Development, Sixth International Conference on Availability, Reliability and Security, 2011.
|
48 |
Highsmith J.,What Is Agile Software Development?, Boston, Crosswalk, 2002
|
49 |
Gregorio D., How the Business Analyst Supports and Encourages Collaboration on Agile Projects, Massachusetts, 2012.
|
50 |
Spruit M. E. M. and Looijen M., "IT security in Dutch practice," Computers and Security, vol. 15, No. 2, pp. 157-170, 1996.
DOI
|
51 |
Post g. v. and Karen-Ann K. "Accessibility vs.Security: A Look at the Demand for Computer Security," Computers and Security, vol.10,pp.331-344, 2007.
|
52 |
John Steven.,"Security Testing of Internal Tools," Basic Training, 2007.
|
53 |
Qiu-Hong Wang, Wei T. Yue, Kai-Lung Hui,"Do Hacker Forums Contribute to Security Attacks?," WEB, 2011.
|
54 |
Brian Chess, Brad Arkin.,Software Security in Practice, Build in Security, 2011.
|
55 |
Richard Stanley., "Information Security. Cybercrimes: A Multidisciplinary Analysis," Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 95-126, 2010.
|
56 |
Siponen M., Baskerville R. and Kuivalainen T.:Integrating Security into Agile Development Methods, Proceedings IEEE 38th Hawaii International Conference on System Sciences, pp. 7695-2268, 2005.
|
57 |
Vibhu Saujanya Sharma, Kishor S. Trivedi," Architecture Based Analysis of Performance, Reliability and Security of Software Systems," WOSP , 2005.
|
58 |
Valcke P. and Dumortier J., 2012] Valcke P. and Dumortier J.:Trust in the information society - In search of trust generating. Computer law and security review, vol. 28, pp. 504-512, 2012.
DOI
|
59 |
Brian Chess, Brad Arkin.: Software Security in Practice, Build in Security, 2011.
|
60 |
Gary McGraw," Software Security, Building Security In," Addison-Wesley Professional, 2006.
|
61 |
Michael Dalton, Hari Kannan, Christos Kozyrakis," Raksha: A Flexible Information Flow Architecture for Software Security," ISCA, 2007.
|
62 |
Rhoden E., "People and processes - The Key Elements to Information Security,"Computer Fraud and Security, Volume,Issue: 6, pp. 14-15, 2002.
|
63 |
Spyros T. Halkidis, Nikolaos Tsantalis, Alexander Chatzigeorgiou,George Stephanides," Architectural Risk Analysis of Software Systems Based on Security Patterns." IEEE Transactions On Dependable And Secure Computing, Vol. 5, No. 3, 2008.
|
64 |
Jay-Evan J. Tevis, John A. Hamilton, Jr,"A Security-centric Ring-based Software Architecture." SpringSim , Vol. 2, 2007
|
65 |
Pratyusa K. Manadhata, Jeannette M. Wing,"An Attack Surface Metric." IEEE Transactions On Software Engineering, Vol. 37, No. 3, 2011.
|
66 |
Ashraf Ferdouse Chowdhury, Mohammad Nazmul Huda, "Comparison between Adaptive Software Development andFeature Driven Development" International Conference on Computer Science and Network Technology, 2011.
|
67 |
Stephen.R.Palm,"Feature-Driven Development-Practices," A Practical Guide to Feature-Driven Development, Chap.3, pp. 35-54, 2002
|
68 |
Scott Knight , Scott Buffett, Patrick C. K. Hung," The International Journal of Information Security Special Issue on privacy, security and trust technologies and E-business services," International Journal of Information Security, vol. 6, no. 5, pp. 285-286, Jul. 2007.
DOI
|
69 |
Konstantin Beznosov,Brian Chess,"An Industry Perspective on the Secure-Software Challenge, " Security for the Rest of Us,2008.
|
70 |
Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard A. Kemmerer, William Robertson ,Fredrik Valeur, and Giovanni Vigna," An Experience in Testing the Security of Real-World Electronic Voting Systems," IEEE Transactions On Software Engineering, vol. 36, no. 4, pp. 453-473, 2010.
DOI
|
71 |
Scott Knight, Scott Buffett,Patrick C. K. Hung," The International Journal of Information Security Special Issue on privacy, security and trust technologies and E-business services, " Guest Editors'Introduction,2007.
|
72 |
Carlos Becker Westphall, Peter Mueller,"Management of Security and Security for Management Systems, " Guest Editorial, 2010.
|
73 |
Yves Le Roux,"Information Security Governance for Executive Management, "Securing Electronic Business Processes, 2007.
|
74 |
Frank Innerhofer-Oberperfler ,Markus Mitterer, Michael Hafner and Ruth Breu,"A methodical Approach and case study," 2010.
|
75 |
Dejan Baca, Bengt Carlsson, Kai Petersen and Lars Lundberg," Improving software security with static automated code analysis in an industry setting, " Software Practice And Experience, 2012.
|
76 |
Leach J," TBSE and engineering approach to the design of accurate and reliable security systems, " Computers and Security, vol. 23, pp. 22-28, 2004.
DOI
|
77 |
Sanjay Bahl, O P Wali, Ponnurangam Kumaraguru," Information Security Practices Followed in the Indian Software Services Industry: An Exploratory Study, " EWI, 2011.
|
78 |
John B. Dickson,"Software Security: Is OK Good Enough?, " CODASPY,2011.
|
79 |
Ann E.K. Sobel, Gary McGraw," Interview:Software Security In The Real World, " Software Assurance, 2010.
|
80 |
W. AI-Salihy, Jannet Ann, R. Sures," Effectivess of Information Systems Security in IT Organizations" in Malaysia, IEEE,2003
|
81 |
C. Banerjee1, S. K. Pandey," Research on Software Security Awareness: Problems and Prospects, " ACM SIGSOFT Software Engineering Notes, 2010.
|
82 |
Kruys J. P. " Security of Open Systems. Computers and Security", vol. 8, pp. 139-147, 1989
DOI
|
83 |
Karadsheh L. :Applying security policies and service level agreement to IaaS service model to enhance security and transition, Computers And Security," vol. 31, pp. 315-326, 2012.
DOI
|
84 |
Stephen.R.Palm,"Feature-Driven Development-Practices, "A Practical Guide to Feature-Driven Development, Chap.3, pp. 35-54, 2002
|
85 |
John Steven,"Security Testing of Internal Tools, " Basic Training, 2007
|
86 |
Kyung Cheol Choi and Gun Ho Lee," Automatic Test Approach of Web Application for Security, " ICCSA, pp. 659-668, 2006.
|
87 |
Haralambos Mouratidis and Paolo Giorgini," Secure Tropos: a Security-Oriented Extension of the Tropos Methodology, " International Journal of Software Engineering and Knowledge Engineering , Vol. 17, pp.285-309, 2007
DOI
|
88 |
Purser S. A. "Improving the ROI of the security management process, " Computers and Security, vol. 23, pp. 542-546, 2004.
DOI
|
89 |
Aaron Marback, Hyunsook Do, Ke He, Samuel Kondamarri and Dianxiang Xu," A threat model-based approach to security testing, " Software Practice Expert, JohnWiley & Sons, Ltd. ,2012
|
90 |
Venter H.S. and Eloff J.H.P. "A taxonomy for information security technologies, " Computers and Security, Vol. 22, Issue: 4, Pages: 299-307, 2003
DOI
ScienceOn
|
91 |
Hone K. and Eloff J.H.P. "Information security policy - what do international information security standards say?, "Computers and Security, pp. 402-409, 2002
|
92 |
S. Rehman & K. Mustafa," Research on Software Design Level Security Vulnerabilities, "ACM SIGSOFT Software Engineering Notes, Vol. 34, Number 6, 2009.
|
93 |
Imran Ghani, Izzaty Yasin, Software Security Engineering in eXtreme Programming Methodology: a Systematic Literature Review,S ci.Int. (Lahore), 25(2), 215-221,2013.
|
94 |
Daniel Mellado, Eduardo Fernandez-Medina, Mario Piattini," A Comparison of Software Design Security Metrics, " ECSA,2010.
|
95 |
Abdullahi SaniAdila FirdausSeung Ryul JeongImran Ghani, A Review on Software Development Security Engineering using Dynamic System Method (DSDM), International Journal of Computer Applications, Volume 69 - Number 25, 2013.
|
96 |
Coad, P., Lefebvre, E. & De Luca, J. Java Modeling In Color With UML: Enterprise Components and Process. Prentice Hall International. (ISBN 0-13-011510-X), 1999.
|
97 |
Palmer, S.R., & Felsing, J.M. A Practical Guide to Feature-Driven Development. Prentice Hall. (ISBN 0-13-067615-2), 2002.
|
98 |
Nicolaysen T., Sassoon R., Line M. B, Jaatun M. G., Agile Software Development: The Straight and Narrow Path to Secure Software?, International Journal of Secure Software Engineering, Vol. 1, Issue 3, pp.71-85, 2010.
DOI
|
99 |
http://www.skillresource.com, accessed on 03, December 2013.
|
100 |
Dlaminia M. T., Eloffa J. H. P., Eloffb M. M. "Information security: The moving target, " Computers & Security, vol. 28, pp. 189-198,2004.
|