Archive for the ‘Agile Software Development’ Category

Agile 2015 Paper Draft

August 5th, 2015

The draft version of the Agile 2015 paper on continuous deployment is available here: Agile-2015_CameraReady.
Title of the paper: Synthesizing Continuous Deployment Practices Used in Software Development


Protection Poker: The New Software Security “Game”

March 7th, 2010

Williams, L., Meneely, A., Shipley, G., Protection Poker: The New Software Security “Game”, IEEE Privacy & Security, 2010, to appear.

Tracking organizations such as the US CERT show a continuing rise in security vulnerabilities in software, increasing awareness of insecure coding practices. Not all discovered vulnerabilities are equal – some have the potential to cause much more damage to organizations and individuals than others. In the inevitable absence of infinite resources, software development teams need to prioritize security fortification efforts to prevent the most damaging attacks. We propose the Protection Poker “game” as a collaborative means of guiding this prioritization. A case study of a Red Hat IT software maintenance team demonstrated the potential of Protection Poker for improving software security practices and team software security knowledge.

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

December 28th, 2008

Williams, L., Gegick, M., and Meneely, A., Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer, International Symposium on Engineering Secure Software and Systems (ESSoS) 2009, Leuven, Belgium, to appear.

Discovery of security vulnerabilities is on the rise. As a result, software development teams must place a higher priority on preventing the injection of vulnerabilities in software as it is developed. Because the focus on software security has increased only recently, software development teams often do not have expertise in techniques for identifying security risk, understanding the impact of a vulnerability, or knowing the best mitigation strategy. We propose the Protection Poker activity as a collaborative and informal form of misuse case development and threat modeling that plays off the diversity of knowledge and perspective of the participants. An excellent outcome of Protection Poker is that security knowledge is passed around the team. Students in an advanced undergraduate software engineering course at North Carolina State University participated in a Protection Poker session conducted as a laboratory exercise. Students actively shared misuse cases, threat models, and their limited software security expertise as they discussed vulnerabilities in their course project. We observed students relating vulnerabilities to the business impacts of the system. Protection Poker led to a more effective software security learning experience than in prior semesters. A pilot of the use of Protection Poker with an industrial partner began in October 2008. The first security discussion structured via Protection Poker caused two requirements to be revised for added security fortification; led to the immediate identification of one vulnerability in the system; initiated a meeting on the prioritization of security defects; and instigated a call for an education session on preventing cross-site scripting vulnerabilities.

On Agile Performance Requirements Specification and Testing

August 21st, 2008

Ho, Chih-wei, Johnson, Michael, Williams, L., Maximilien, E. M., On Agile Performance Requirements Specification and Testing, Agile 2006, Minneapolis, ISBN 0-7695-2562-8/06, electronic proceedings, 6 pages.

Abstract:

Underspecified performance requirements can cause performance issues in a software system. However, a complete, upfront analysis of a software system is difficult, and usually not desirable. We propose an evolutionary model for performance requirements specifications and corresponding validation testing. The principles of the model can be integrated into agile development methods. Using this approach, the performance requirements and test cases can be specified incrementally, without big upfront analysis. We also provide a post hoc examination of a development effort at IBM that had a high focus on performance requirements. The examination indicates that our evolutionary model can be used to specify performance requirements such that the level of detail is commensurate with the nature of the project. Additionally, the IBM experience indicates that test driven development-type validation testing corresponding to the model can be used to determine if performance objectives have been met.

A Longitudinal Study of the Test-driven Development Practice in Industry

July 1st, 2007

Sanchez, J., Williams, L., and Maximilien, M., A Longitudinal Study of the Test-driven Development Practice in Industry, Agile 2007, Washington, DC, pp. 5-14.

On the Stickiness of Agility in Software Development

July 1st, 2007

Williams, L., On the Stickiness of Agility in Software Development, Cutter Benchmark Review, Vol. 7, No. 7, pp. 5-12, July 2007.

A Longitudinal Study of the Test-driven Development Practice in Industry

April 11th, 2007

Sanchez, J., Williams, L., and Maximilien, M., A Longitudinal Study of the Test-driven Development Practice in Industry, Agile 2007, Washington, DC, to appear.

Motivations and Measurements in an Agile Case Study

November 21st, 2006

Layman, L., Williams, L., Cunningham, L., Motivations and Measurements in an Agile Case Study, Journal of System Architecture, Vol. 52, No. 11, pp. 654-667, November 2006.

Essential Communication Practices for Extreme Programming in a Global Software Development Team

September 12th, 2006

Layman, L., Williams, L., Damian, D., Bures, H., Essential Communication Practices for Extreme Programming in a Global Software Development Team, Information and Software Technology, Vol. 48, No. 9, pp. 781-794, September 2006.

Debunking the Nerd Stereotype with Pair Programming

May 10th, 2006

Williams, L., Debunking the Nerd Stereotype with Pair Programming (Broadening Participation in Computing Series), IEEE Computer, Vol. 31, No. 5, pp. 83-85, May 2006.