{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:17:51Z","timestamp":1750306671170,"version":"3.41.0"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T00:00:00Z","timestamp":1401840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2014,6,4]]},"abstract":"The steep rise in security threats has forced organizations to adopt sound security practices right from the development stage of any software project. With the rising popularity of lightweight, agile methodologies, this becomes more complicated. This paper proposes a framework, FISA-XP, which can be adopted for the development of a secure software system. The proposed framework integrates security activities with the core activities of Extreme Programming based on their degree of agility. In order to calculate agility degree, some agility features are selected using a threshold value. The compatibility of the agile activities with security activities is subsequently assessed by introducing an integration matrix that describes whether integration of an agile activity with each security activity is possible or not. This framework assists in integrating security activities with agile activities, keeping the combined agility degree within acceptable limits. Thus, our approach introduces an Acceptable Agility Reduction Factor, which gives a threshold value for an acceptable reduction in agility degree. If reduction in combined agility degree is below the threshold value then that security activity is not accepted for integration. TISA-XP, an automated tool, has been designed to enable developers to use FISA-XP practically. This tool has been used by a software-developing company on an experimental basis and the feedback reflects its practical feasibility.<\/jats:p>","DOI":"10.1145\/2597716.2597728","type":"journal-article","created":{"date-parts":[[2014,6,10]],"date-time":"2014-06-10T12:50:17Z","timestamp":1402404617000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["FISA-XP"],"prefix":"10.1145","volume":"39","author":[{"family":"Sonia","sequence":"first","affiliation":[{"name":"University of Delhi, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Archana","family":"Singhal","sequence":"additional","affiliation":[{"name":"University of Delhi, IP College for Women, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hema","family":"Banati","sequence":"additional","affiliation":[{"name":"University of Delhi, Dyal Singh College, Delhi, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2014,6,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/AgileIndia.2012.9"},{"key":"e_1_2_1_2_1","volume-title":"Fifth International Conference on Advances in Recent Technologies in Communication and Computing, ARTCom","author":"Sonia A.","year":"2013","unstructured":"Sonia , A. Singhal , H. Banati , Measuring Relative Importance of Agility Features Contributing Towards Agility of a Software Process . In Fifth International Conference on Advances in Recent Technologies in Communication and Computing, ARTCom 2013 , Bangalore, India, Elsevier. Sonia, A. Singhal, H. Banati , Measuring Relative Importance of Agility Features Contributing Towards Agility of a Software Process. In Fifth International Conference on Advances in Recent Technologies in Communication and Computing, ARTCom 2013, Bangalore, India, Elsevier."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.4018\/jsse.2011070104"},{"key":"e_1_2_1_4_1","volume-title":"First ACM Workshop on Business Driven Security Engineering (BizSec)","author":"Beznosov","year":"2003","unstructured":"K. Beznosov , Extreme Security Engineering : On Employing XP Practices to Achieve 'Good Enough Security' without Defining It . First ACM Workshop on Business Driven Security Engineering (BizSec) , Fairfax, VA , 31 October , 2003 . K. Beznosov, Extreme Security Engineering: On Employing XP Practices to Achieve 'Good Enough Security' without Defining It. First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, 31 October, 2003."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.796139"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2007.02.002"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA.2008.4493611"},{"key":"e_1_2_1_8_1","first-page":"117","volume-title":"Proceedings of the 4th Conference on Extreme Programming and Agile Methods.","author":"W\u00e4yrynen M.","year":"2004","unstructured":"J. W\u00e4yrynen , M. Bod\u00e9n , G. Bostr\u00f6m , Security Engineering and eXtreme Programming : An Impossible Marriage? In Proceedings of the 4th Conference on Extreme Programming and Agile Methods. 2004 , Springer-Verlag, Lecture Notes in Computer Science. p. 117 . J. W\u00e4yrynen, M. Bod\u00e9n, G. Bostr\u00f6m, Security Engineering and eXtreme Programming: An Impossible Marriage? In Proceedings of the 4th Conference on Extreme Programming and Agile Methods. 2004, Springer-Verlag, Lecture Notes in Computer Science. p. 117."},{"key":"e_1_2_1_9_1","first-page":"226","volume-title":"G. et al. (eds.) XP","author":"Ge R.F.","year":"2007","unstructured":"X. Ge , R.F. Paige , F. Polack , P. Brooke , Extreme Programming Security Practices. Concas , G. et al. (eds.) XP 2007 , LNCS 4536, pp. 226 -- 230 . Springer , Heidelberg, 2007. X. Ge, R.F. Paige, F. Polack, P. Brooke, Extreme Programming Security Practices. Concas, G. et al. (eds.) XP 2007, LNCS 4536, pp. 226--230. Springer, Heidelberg, 2007."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2005.329"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-18440-6_22"},{"issue":"4","key":"e_1_2_1_12_1","volume":"8","author":"Sonia A.","year":"2011","unstructured":"Sonia , A. Singhal , H. Banati , Fuzzy Logic Approach for Threat Prioritization in Agile Security Framework using DREAD model. In IJCSI International Journal of Computer Science Issues , Vol. 8 , Issue 4, No. 1 , July 2011 , Mauritius. Sonia, A. Singhal, H. Banati, Fuzzy Logic Approach for Threat Prioritization in Agile Security Framework using DREAD model. In IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 4, No. 1, July 2011, Mauritius.","journal-title":"IJCSI International Journal of Computer Science Issues"},{"key":"e_1_2_1_13_1","unstructured":"Extreme Programming: a gentle introduction http:\/\/www.extremeprogramming.org\/ Extreme Programming: a gentle introduction http:\/\/www.extremeprogramming.org\/"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1287\/inte.24.6.19"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJSSCI.2008.017590"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2009.25"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0924-0136(02)00674-X"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065907.1066034"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1137627.1137631"},{"key":"e_1_2_1_20_1","first-page":"247","volume-title":"International Conference on Quality, Reliability, and Maintenance\"","author":"Ren J.","year":"2000","unstructured":"Ren , J. , Yusuf , Y.Y. , Burns , N.D. , \"A prototype of measurement system for agile enterprise . In: International Conference on Quality, Reliability, and Maintenance\" . Oxford, UK , pp. 247 -- 252 , 2000 . Ren, J., Yusuf, Y.Y., Burns, N.D., \"A prototype of measurement system for agile enterprise. In: International Conference on Quality, Reliability, and Maintenance\". Oxford, UK, pp. 247--252, 2000."},{"key":"e_1_2_1_21_1","first-page":"41","article-title":"A decision-support framework for agile enterprise partnering","author":"Ren J.","year":"2009","unstructured":"Ren , J. , Yusuf , Y.Y. , Burns , N.D. , \" A decision-support framework for agile enterprise partnering \". In The International Journal of Advanced Manufacturing Technology , March 2009 , Volume 41 , Issue 1-2, pp 180--192. Ren, J., Yusuf, Y.Y., Burns, N.D., \"A decision-support framework for agile enterprise partnering\". In The International Journal of Advanced Manufacturing Technology, March 2009, Volume 41, Issue 1-2, pp 180--192.","journal-title":"The International Journal of Advanced Manufacturing Technology"},{"key":"e_1_2_1_22_1","volume-title":"International Journal of industrial ergonomics 37","author":"Sherehiy W.","year":"2007","unstructured":"B. Sherehiy , W. Karwowski , J. K. Layer , A review of enterprise agility: Concepts, frameworks, and attributes . International Journal of industrial ergonomics 37 ( 2007 ), Elsevier PP. 445--460. B. Sherehiy, W. Karwowski, J. K. Layer, A review of enterprise agility: Concepts, frameworks, and attributes. International Journal of industrial ergonomics 37 (2007), Elsevier PP. 445--460."},{"key":"e_1_2_1_23_1","volume-title":"February","author":"Beck","year":"2001","unstructured":"K. Beck , Manifesto for Agile Software Development , February 2001 . K. Beck, Manifesto for Agile Software Development, February 2001."},{"key":"e_1_2_1_24_1","unstructured":"The Agile Alliance Home Page http:\/\/www.agilealliance.org\/home. The Agile Alliance Home Page http:\/\/www.agilealliance.org\/home."},{"key":"e_1_2_1_25_1","volume-title":"A guide to most effective secure development practice in use today","author":"Safe Code Review","year":"2008","unstructured":"Safe Code Review , A guide to most effective secure development practice in use today , 2008 . http:\/\/www.safecode.org\/publications\/SAFECode_Dev_Practices1008.pdf Safe Code Review, A guide to most effective secure development practice in use today, 2008. http:\/\/www.safecode.org\/publications\/SAFECode_Dev_Practices1008.pdf"},{"key":"e_1_2_1_26_1","unstructured":"White Paper Review Application Security by Designweb.securityinnovation.com\/whitepaper-library\/ White Paper Review Application Security by Designweb.securityinnovation.com\/whitepaper-library\/"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.01.010"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSEET.2008.19"},{"volume-title":"An Integrated Approach To Software Engineering","author":"Jalote P.","key":"e_1_2_1_29_1","unstructured":"Jalote , P. : An Integrated Approach To Software Engineering , Narosa Publishing House , Second Edition . Pg. 199 Jalote, P.: An Integrated Approach To Software Engineering, Narosa Publishing House, Second Edition. Pg. 199"},{"key":"e_1_2_1_30_1","unstructured":"OWASP https:\/\/www.owasp.org\/index.php\/Category:OWASP_CLASP_Project OWASP https:\/\/www.owasp.org\/index.php\/Category:OWASP_CLASP_Project"},{"key":"e_1_2_1_31_1","unstructured":"Build Security In https:\/\/buildsecurityin.uscert.gov\/bsi\/articles\/bestpractices\/requirements\/548BSI.html Build Security In https:\/\/buildsecurityin.uscert.gov\/bsi\/articles\/bestpractices\/requirements\/548BSI.html"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1987875.1987900"}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2597716.2597728","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2597716.2597728","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:00:50Z","timestamp":1750230050000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2597716.2597728"}},"subtitle":["an agile-based integration of security activities with extreme programming"],"short-title":[],"issued":{"date-parts":[[2014,6,4]]},"references-count":32,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,6,4]]}},"alternative-id":["10.1145\/2597716.2597728"],"URL":"https:\/\/doi.org\/10.1145\/2597716.2597728","relation":{},"ISSN":["0163-5948"],"issn-type":[{"type":"print","value":"0163-5948"}],"subject":[],"published":{"date-parts":[[2014,6,4]]},"assertion":[{"value":"2014-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}