Role-based Extreme Programming (XP) for secure software development

Agile methods such as Extreme Programming (XP), Scrum and Feature Driven Development (FDD), are known as efficient development processes because of quick delivery of software even under time and budget constraints. However, certain researches make a point to criticize the XP, Scrum and FDD due to the unavailability of security elements in their various phases and practices. This paper particularly focuses on the limitations of XP, its roles and practices towards developing secure software. Based on our findings, we noticed that software developed using XP method software can be delivered quickly; however the developed software may not be secure. This causes spending more time and budget to repair the software (in terms of security) after the software has been delivered. In this paper, we introduce a new role called “Security Master” and relate certain existing XP practices to it. Based on the initial findings, it has been noticed that the Security Master role helped the XP team to develop secure software during development and after the integration of software.