Agile methodology such as Scrum, Extreme Programming (XP), Feature Driven Development (FDD) and the Dynamic System Development Method (DSDM) have gained enough recognition as efficient development process by delivering software fast even under the time constrains. However, like other agile methods DSDM has been criticized because of unavailability of security element in its four phases. In order to have a deeper look into the matter and discover more about the reality, we conducted a literature review. Our findings highlight that, in its current form, the DSDM does not support developing secure software. Although, there are a few researches on this topic about Scrum, XP and FDD but, based on our findings, there is no research on developing secure software using DSDM. Thus, in our future work we intend to propose enhanced DSDM that will cater the security aspects in software development.
Keywords
AgileDevelopment; Software Security; Software Engineering; Dynamic System Development Method; DSDM
INTRODUCTIONThe DSDM software development approach that provides a framework for building and maintaining systems, meets tight time schedule through the use of incremental and iterative prototyping in a controlled project environment [1]. On the other hand, According to the computer Emergency Response Team (CERT) statistics [3].There had been a considerable increase in security related software vulnerabilities reported over the last few years. However, like other agile methods, the existing DSDM does not provide any phase or sub-phase to address security issue in software development. In general, one of the most important reasons why the agile methods ignore security issue of software may come from the misconception that security delays development process [2].Despite this misconception, security remains one of the most important non-functional requirements of a software system. Though, recently, a few efforts have made in order to address the security in software development, such efforts using agile models like Scrum, XP. Some of such efforts have been published However, based on the literature review, we found that there is a small amount of research conducted on developing secure software using DSDM. In order to have a deeper look into the fact, this paper presents the concepts of DSDM, its principles, techniques, practices, general security principles, limitations of DSDM in terms of addressing security, and the analysis of literature review. Thus, it is appropriate to commence with the concept of DSDM.
DSDM AND PRINCIPLESThe basic concept of DSDM is that the time and resource are adjusted, so that the agility feature of DSDM is satisfied. Basically, DSDM has four main phases (Figure 1). The four main phases are feasibility, functional model iteration, design and build iteration and implementation. Then each phase has several sub-phases as mentioned below.
