English

A Security Evaluation Framework for U.K. E-Goverment Services Agile Software Development

Cryptography and Security 2016-04-11 v1 Software Engineering

Abstract

This study examines the traditional approach to software development within the United Kingdom Government and the accreditation process. Initially we look at the Waterfall methodology that has been used for several years. We discuss the pros and cons of Waterfall before moving onto the Agile Scrum methodology. Agile has been adopted by the majority of Government digital departments including the Government Digital Services. Agile, despite its ability to achieve high rates of productivity organized in short, flexible, iterations, has faced security professionals disbelief when working within the U.K. Government. One of the major issues is that we develop in Agile but the accreditation process is conducted using Waterfall resulting in delays to go live dates. Taking a brief look into the accreditation process that is used within Government for I.T. systems and applications, we focus on giving the accreditor the assurance they need when developing new applications and systems. A framework has been produced by utilizing the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). This framework will allow security and Agile to work side by side and produce secure code.

Keywords

Cite

@article{arxiv.1604.02368,
  title  = {A Security Evaluation Framework for U.K. E-Goverment Services Agile Software Development},
  author = {Steve Harrison and Antonis Tzounis and Leandros A. Maglaras and Francois Siewe and Richard Smith and Helge Janicke},
  journal= {arXiv preprint arXiv:1604.02368},
  year   = {2016}
}

Comments

19 pages, 4 figures, International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.2, March 2016

R2 v1 2026-06-22T13:28:10.945Z