The Twelve XP Practices Applied to Cyber Network Security and Fighting Cyber Crime

Martin Dudziak
Fellow, Center for Advanced Defense Studies
Washington, DC
July 17, 2009

The XP ("eXtreme Programming") model was first developed and matured in the software engineering community by Kent Beck and Ron Jeffries, both pioneers, respectively in software engineering and object-oriented programming, and in computer science, artificial intelligence, and man-machine interfaces. As a discipline within software system and code design, programming and maintenance, XP is well known and popular. Outside of the traditional IT field, XP is comparatively unknown, and it is rarely considered for its utility as a model for technical teamwork, organizational management and communications, and problem-solving in other disciplines. This methodology has a great deal to offer those who are working on the challenges of cyber network security, crime and attacks.

The remarks here are not about the applicability and utility of XP for teams that are explicitly working on software development, conversion, maintenance, and other tasks that lend themselves to small groups of programmers and software engineers working closely on technical blocks of work. Rather, the point being made here is that XP can be very useful for building and conducting a combined defensive and offensive strategy for protecting cyber network infrastructures. Such a strategy aims to uncover motives and intentions among attackers and the planners of cyber warfare and aggression, to defeat them proactively, ahead of their game plan, to fend off attacks that are successfully launched, and finally to remove the attractors, incentives, and payoffs that the attackers gain from their results.

This strategy must be constantly changing, adapting and evolving, with a great deal of flexibility and thinking outside the box, and not only with respect to algorithms, software code, systems integration, and public communication including alerts and quarantines. A successful approach to our modern-day cyber wars is one that can be based upon what XP offers in conventional software engineering. This is a shift from the paradigm that has been employed, generally speaking, up until the present. It is a shift that even highly successful cyber crime organizations and their leaders will be hard-pressed to counter, by virtue of the ways in which cyber crime organizers are inherently forced to coordinate and manage themselves: as criminal and/or terrorist organizations, in other cases as solo operators, and in any case with many constraints on openness of communication and on the ability to organize in an open, corporate type of working environment. XP thrives upon and breeds openness, communication, sharing, and innovation that is spread among closely coupled and openly communicating teams. This is not the way most criminals think or can think. Herein lies one of the keys to defeating their methods and their model.

While some of the twelve principles re-examined here may seem to be a stretch of the imagination with respect to cyber defense that is distinct from the purely software aspects of such defense, the fact is that there are some fundamental work practices and disciplines that simply work very well in any kind of environment. Furthermore, there is no question about the link between the quick changes in software that may be part of an IT department's upgrade project and the quick thinking and changing that comes as part of a response to a cyber attack in progress.

The Planning Process, sometimes called the Planning Game. The aim of the XP planning process is to define the outcome value of desired features that may be known or expected to be in a particular kind of attack, or else originating from a type of aggressor (state, non-state, organization, cell, individual). Cost estimates are developed for the alternative outcomes of different types of attack. Choices are made regarding what types of features, including anomalies, need to be sought, tracked, and examined. Some of this work is not unlike a cost-benefit analysis: trade-offs are examined because there is no possibility of covering all angles and parallel tracks simultaneously.

Small Releases. XP strike force teams put a simple response system into production early and update it frequently on a very short cycle, following on the heels of the first alerts and heads-up notifications of changed cyber attack modus operandi and technical features. These are not necessarily releases of code but of action items as well, the "what to do next", which are often procedural and involve the business/social process as much as anything on the computer itself.

Metaphor. In software XP, teams use a common "system of names" and a common system description, the purpose and benefit of which is to guide development and communication. The same common-language approach expedites cooperation and collaboration among different and seemingly unrelated groups, often working around the world and around the clock, to tackle a cyber attack. Less time and energy are spent among cyber warriors deciphering what the other team is saying and trying to do.

Simple Design. A cyber defense or countermeasure built with XP should be the simplest that meets the current requirements. The aim is to freeze the advance of the attack and to undo damage already done. There is not much "building for the future", even though ultimately somebody needs to be addressing those more long-term needs. Instead, the focus is on providing something that will stop the damage and reinforce the network. As in software-development XP, techniques such as "refactoring" can be used to eliminate duplication and redundancy.

Testing. In software XP, teams are constantly in QA/QC mode, aiming to validate at all times, whenever change is introduced. This is even more essential as an instinctive practice in developing and trying out new responses, software or otherwise, to the forensic, countermeasure, enforcement and recovery processes in cyber security, because the nature of the aggression and intervention is generally full of unknowns, at least during the initial defensive stage. One does not know exactly what one is up against, and every unknown detail could be something that reacts to and even takes advantage of minor changes in the defender's tactics, software included.

Good programmers develop good software by first writing tests to cover all the use cases; then, when they are sure they have addressed all of the possibilities, they go about creating the software that fulfills the requirements reflected in those comprehensive tests. Writing software first and then thinking about the tests is a backwards approach, almost certainly doomed to at least temporary failures and a lot of rewriting. In combating cyber attacks, the same holds true. The different possible outcomes need to be identified and lined up, and measures set for what would be a satisfactory act of remediation or correction to the identified problem. Then it becomes possible to step back and design what will satisfy the different needs that have been so identified.

Refactoring. The concept of refactoring refers to making non-functional changes to a process such as software code in a manner that improves internal consistency, clarity, and understandability without changing the actions or the algorithms. Sometimes this is referred to as "cleaning things up". Examples include the removal of duplication and an increase in communication, including documentation. Within the cyber defense lifecycle, there is a benefit to any type of refactoring that can be mustered and maintained. Tomorrow's warriors need to understand what was tried, what worked, what did not work, and also how the changes of yesterday have led to, and perhaps had a causal role in forming, modifications ("mutations") in bots and other malware.

The very nature of fighting an unknown, malleable and constantly mutating opponent is such that things can become very complicated and top-heavy very quickly, as far as one's own defensive tools are concerned. Subtleties can be missed, and in combating a cyber attacker, one of the most important weapons in the arsenal is the ability to notice anomalies that amount to something like a mutation, almost imperceptible, in the behavior of some malware. If code and process complexity is not addressed, and the complexities and difficulties of using the tools, no matter how good they are, begin to bog down the defenders, then some refactoring must take place to offset those complexities and get back to basics in the ways computers and networks are used to overcome assailants.

Pair Programming. In XP software development practice, programmers work in pairs, two programmers working together at one machine, writing all production code as a team unit. The concept of pair programming is based upon the notion, borne out by many experiments, that better quality software (more efficient, fewer errors, fewer rewrites and fixes, etc.) results, with similar or lower cost in the end, than when programmers work alone. How does this translate to the tasks in cyber warfare? Certainly there is a very basic psychological fact that two heads can be better than one, especially when operating under the kind of elevated stress of firefighting and emergency response, as is the case when any attack is underway; this is not a situation of simply building a new system.

There is another value to the pairing concept, and it does not necessarily have to do with two people physically working together. This is more about two groups or teams working in parallel, deliberately taking different approaches and different angles. Why? To examine the alternatives that may be in the mind of the attacker, the perpetrator. To look for ideas that are really outside the box. Recall that the issue in a cyber attack is not only the actual events going on inside computers and across networks, but also the operations and people that have generated the attack: what they are trying to accomplish, what their gain is, and how this gain can be reduced or taken away, reducing the incentive for continuing further attacks.

Collective Ownership. In software XP, there is the expression that "All the code belongs to all the programmers." The idea behind this is to enable everyone working on the project to go full speed ahead because, having access to everything in the software repertoire, they can make changes without delay. In cyber defense, the idea is a little different. It should be more like, "All the tools and resources can be virtually open source, so that everyone on the team can grab the tool they need, when they need it, in order to try out an idea without delay." It's a matter of coordination, not classification and restriction. The more everyone has access to what others are thinking about and trying, the more likely it is that someone will do a faster job of connecting some dots or trying some kind of conceptual interpolation that results in an answer that works better against the threat.

Continuous Integration. In software XP, there is constant integration and build-rebuild iteration. It's the nature of the work process, not the exception. The result is that programmers are more aware of what everyone else is doing. It's about being on the same page. Generally, XP advocates find that integration problems are fewer than among teams who integrate less often. The more exchange and communication there is, the more people can notice what needs to be modified before they get so far along that it becomes a headache and requires a roll-back to some point that may be long forgotten. In cyber warfare, this is also a powerful benefit. Ultimately, the solutions being considered are going to involve business processes, software, and human interfaces that have to talk to one another. The parts cannot be built in isolation.

40-hour Week. This is a simple fact of life for any field of work, especially one where there is a constant high demand for sharp attention and acute, critical thinking. People need breaks, fresh air, healthy food, and exercise away from the work pit.

On-site Customer. An XP project is best led, mentored and championed by a dedicated individual who is the customer and who is also empowered in that role to determine and/or validate requirements, set and change priorities, provide clarifications, answer questions, and resolve ambiguities. In the cyber defense world, this translates to having a clear channel to decision makers in those organizations that are most affected by an attack and that may very well be the attacker's primary targets, whatever the latter's goal is.

Coding Standard. The importance of having common models, terminologies, and rules of engagement applies across disciplinary borders, and certainly for teams that need to be in a lot of person-to-person and group-to-group communication. Standards are not only for business as usual but are especially important for special strike-force operations, as are all facets of an effective cyber network defense strategy.

References

Ken Auer and Roy Miller (2001), Extreme Programming Applied: Playing To Win, Addison-Wesley.
Kent Beck (1999), Extreme Programming Explained: Embrace Change, Addison-Wesley.
Kent Beck and Martin Fowler (2000), Planning Extreme Programming, Addison-Wesley.
Kent Beck and Cynthia Andres (2004), Extreme Programming Explained: Embrace Change, Second Edition, Addison-Wesley.
Alistair Cockburn (2001), Agile Software Development, Addison-Wesley.
Mike Cohn (2005), Agile Estimating and Planning, Prentice-Hall.
Martin Fowler (1999), Refactoring: Improving the Design of Existing Code, Addison-Wesley.
Harvey Herela (2005), Case Study: The Chrysler Comprehensive Compensation System, Galen Lab, U.C. Irvine.
Jim Highsmith (2001), Agile Software Development Ecosystems, Addison-Wesley.
Ron Jeffries, Ann Anderson and Chet Hendrickson (2000), Extreme Programming Installed, Addison-Wesley.
Robert Martin and James Newkirk (2001), Extreme Programming in Practice, Addison-Wesley.
Giancarlo Succi and Michele Marchesi (2001), Extreme Programming Examined, Pearson.

Special Note

The Twelve Principles and some of the phrases used throughout this memo originate in a concise summary of XP as a software methodology. The absence of an author's name on that original document renders it impossible to give credit and acknowledgement here and now for a very concise and useful summary of the software dimension of XP.


Software Process. Process: A sequence of activities, subject to constraints on resources, that produce an intended output of some kind. Software Process Process: A sequence of activities, subject to constraints on resources, that produce an intended output of some kind. Any process has these characteristics: The process prescribes all

More information

WHAT MAKES AGILE DEVELOPMENT DIFFERENT?: A CASE STUDY OF

WHAT MAKES AGILE DEVELOPMENT DIFFERENT?: A CASE STUDY OF WHAT MAKES AGILE DEVELOPMENT DIFFERENT?: A CASE STUDY OF AGILE IN PRACTICE. Lewis Chasalow Virginia Commonwealth University chasalowlc@vcu.edu ABSTRACT Agile development methods have been described by

More information

D25-2. Agile and Scrum Introduction

D25-2. Agile and Scrum Introduction D25-2 Agile and Scrum Introduction How to Use this Download This download is an overview of a discussion Intertech has with clients on Agile/Scrum This download has an overview of Agile, an overview of

More information

Agile in Financial Services A Framework in Focus

Agile in Financial Services A Framework in Focus Agile in Financial Services A Framework in Focus John B. Hudson, B.Sc, PMP, CSM PMI NJ Chapter February 19, 2013 19 Feb 2013 1 Objectives 1. Agile Development an Overview 2. The Agile Enterprise Infrastructure

More information

Computer Science Department CS 470 Fall I

Computer Science Department CS 470 Fall I Computer Science Department CS 470 Fall I RAD: Rapid Application Development By Sheldon Liang CS 470 Handouts Rapid Application Development Pg 1 / 5 0. INTRODUCTION RAD: Rapid Application Development By

More information

Scrum for Managers, Zurich March 2010

Scrum for Managers, Zurich March 2010 Scrum for Managers Microsoft Corporation / TechTalk Zurich Switzerland March 2010 About Mitch Lacey Mitch Lacey 13+ years of program and project management experience Microsoft Program Manager 2001 2006

More information

Extreme Programming: Strengths and Weaknesses

Extreme Programming: Strengths and Weaknesses The International Arab Conference on Information Technology (ACIT 2013) Extreme Programming: Strengths and Weaknesses Ahmad dalalah Prep. Year Deanship University of Hail, SA a.dalalah@uoh.edu.sa Abstract:

More information

SOFTWARE ENGINEERING CSC 423 B - MWF 11-12 EXTREME PROGRAMMING

SOFTWARE ENGINEERING CSC 423 B - MWF 11-12 EXTREME PROGRAMMING SOFTWARE ENGINEERING CSC 423 B - MWF 11-12 EXTREME PROGRAMMING TO: Dr. Khaldoun El Khalidi FROM: Lamia Nassif, Jessy, Nadine Ghanem, & Pedro Maroun Eid Due: 20 March 2002 1 Table of Contents I. ABSTRACT...3

More information

Agile Projects 7. Agile Project Management 21

Agile Projects 7. Agile Project Management 21 Contents Contents 1 2 3 Agile Projects 7 Introduction 8 About the Book 9 The Problems 10 The Agile Manifesto 12 Agile Approach 14 The Benefits 16 Project Components 18 Summary 20 Agile Project Management

More information

Software Engineering

Software Engineering 1 Software Engineering Lecture 2: Software Life Cycles Stefan Hallerstede Århus School of Engineering 25 August 2011 2 Contents Naive Software Development Code & Fix Towards A Software Process Software

More information

Up-Front Design Versus Evolutionary Design in Denali s Persistence Layer

Up-Front Design Versus Evolutionary Design in Denali s Persistence Layer Up-Front Design Versus Evolutionary Design in Denali s Persistence Layer Jim Little Titanium I.T. LLC 3062 SW 153 rd Dr. Beaverton, OR 97006 USA +1 503 605 5442 jlittle@titanium-it.com ABSTRACT This experience

More information

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE ITA Strategic Plan FY 2011 - FY 2016 U.S. Army Information Technology Agency REALIZING The DoD ENTERPRISE COMPUTING ENVIRONMENT Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE Provide Quality

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

Development Techniques. CSE301 University of Sunderland Harry R. Erwin, PhD

Development Techniques. CSE301 University of Sunderland Harry R. Erwin, PhD Development Techniques CSE301 University of Sunderland Harry R. Erwin, PhD Sources Boehm, 1981, Software Engineering Economics, Prentice- Hall. Stephens and Rosenberg, 2003, Extreme Programming Refactored:

More information

Agile Software Development Approaches and Their History. Volkan Günal

Agile Software Development Approaches and Their History. Volkan Günal Agile Software Development Approaches and Their History Volkan Günal August 3, 2012 2 ABSTRACT Author: Günal, Volkan Enterprise Software Engineering 2012: Agile Software Development (Seminar) With the

More information

CSE 435 Software Engineering. Sept 16, 2015

CSE 435 Software Engineering. Sept 16, 2015 CSE 435 Software Engineering Sept 16, 2015 2.1 The Meaning of Process A process: a series of steps involving activities, constraints, and resources that produce an intended output of some kind A process

More information

Extreme Programming. As software organizations continue to move

Extreme Programming. As software organizations continue to move Spotlight Extreme Programming Rapid Development for Web-Based Applications Frank Maurer and Sebastien Martel University of Calgary As software organizations continue to move toward Web-based systems development,

More information

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus Department of Computer & Information Sciences INFO-450: Information Systems Security Syllabus Course Description This course provides a deep and comprehensive study of the security principles and practices

More information

Software Engineering and Scientific Computing

Software Engineering and Scientific Computing Software Engineering and Scientific Computing Barbara Paech, Hanna Valtokari Institute of Computer Science Im Neuenheimer Feld 326 69120 Heidelberg, Germany http://se.ifi.uni-heidelberg.de paech@informatik.uni-heidelberg.de

More information

Software Quality Assurance in Agile, XP, Waterfall and Spiral A Comparative Study

Software Quality Assurance in Agile, XP, Waterfall and Spiral A Comparative Study Software Quality Assurance in Agile, XP, Waterfall and Spiral A Comparative Study S. Vijayakumar vijsy003@students.unisa.edu.au School of Computer and Information Science University of South Australia,

More information

COMPARING TRADITIONAL AND AGILE DEVELOPMENT APPROACHES: THE CASE OF EXTREME PROGRAMMING

COMPARING TRADITIONAL AND AGILE DEVELOPMENT APPROACHES: THE CASE OF EXTREME PROGRAMMING COMPARING TRADITIONAL AND AGILE DEVELOPMENT APPROACHES: THE CASE OF EXTREME PROGRAMMING Dr. Mary Helen Fagan, University of Texas at Tyler, mfagan@uttyler.edu ABSTRACT Some adherents of agile development

More information

Life Cycle Models. V. Paúl Pauca. CSC 331-631 Fall 2013. Department of Computer Science Wake Forest University. Object Oriented Software Engineering

Life Cycle Models. V. Paúl Pauca. CSC 331-631 Fall 2013. Department of Computer Science Wake Forest University. Object Oriented Software Engineering Life Cycle Models V. Paúl Pauca Department of Computer Science Wake Forest University CSC 331-631 Fall 2013 Software Life Cycle The overall framework in which software is conceived, developed, and maintained.

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Introduction. Introduction. Software Engineering. Software Engineering. Software Process. Department of Computer Science 1

Introduction. Introduction. Software Engineering. Software Engineering. Software Process. Department of Computer Science 1 COMP209 Object Oriented Programming System Design Mark Hall Introduction So far we ve looked at techniques that aid in designing quality classes To implement a software system successfully requires planning,

More information

Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Future Threat Landscape - How will technology evolve and what does it mean for cyber security? James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security? Think > What does the future of technology

More information

Primary Key Associates Limited

Primary Key Associates Limited is at the core of Primary Key Associates work Our approach to analytics In this paper Andrew Lea, our Technical Director in charge of, describes some of the paradigms, models, and techniques we have developed

More information

Agile and Secure: Can We Be Both?

Agile and Secure: Can We Be Both? Agile and Secure: Can We Be Both? OWASP AppSec Seattle Oct 2006 Keith Landrus Director of Technology Denim Group Ltd. keith.landrus@denimgroup.com (210) 572-4400 Copyright 2006 - The OWASP Foundation Permission

More information

PERFORMANCE ENGINEERING IN SCRUM

PERFORMANCE ENGINEERING IN SCRUM PERFORMANCE ENGINEERING IN SCRUM Balasubramanian, Infosys Technologies Limited This paper describes how performance engineering as a software discipline should be planned and executed in an agile development

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Software Configuration Management Practices for extreme Programming Teams

Software Configuration Management Practices for extreme Programming Teams Software Configuration Management Practices for extreme Programming Teams Ulf Asklund, Lars Bendix, Torbjörn Ekman {ulf bendix torbjorn}@cs.lth.se Department of Computer Science Lund Institute of Technology

More information

MANAGEMENT S ROLE 1/16/2002 152. Copyright 2001, Net Objectives

MANAGEMENT S ROLE 1/16/2002 152. Copyright 2001, Net Objectives MANAGEMENT S ROLE 1/16/2002 152 Continuous Overtime Is Counterproductive Working more hours does not increase productivity Overwork is usually an indication of something wrong - working more doesn t fix

More information

Overcoming Five Critical Cybersecurity Gaps

Overcoming Five Critical Cybersecurity Gaps Overcoming Five Critical Cybersecurity Gaps How Active Threat Protection Addresses the Problems that Security Technology Doesn t Solve An esentire White Paper Copyright 2015 esentire, Inc. All rights reserved.

More information

Basic Trends of Modern Software Development

Basic Trends of Modern Software Development DITF LDI Lietišķo datorsistēmu programmatūras profesora grupa e-business Solutions Basic Trends of Modern Software Development 2 3 Software Engineering FAQ What is software engineering? An engineering

More information

Scrum and Agile methods The real world

Scrum and Agile methods The real world Scrum and Agile methods The real world Claus Nyhus Christensen cnc@atira.dk Atira About me Master in CS from AAU 2001 2001-2004: Worked at Trifork as a kernel developer of a Java EE server 2004-2007: Worked

More information

EPL603 Topics in Software Engineering

EPL603 Topics in Software Engineering Lecture 3 Agile Software Development EPL603 Topics in Software Engineering Efi Papatheocharous Visiting Lecturer efi.papatheocharous@cs.ucy.ac.cy Office FST-B107, Tel. ext. 2740 Topics covered Agile methods

More information

Success of Agile Environment in Complex Projects

Success of Agile Environment in Complex Projects Edith Cowan University Research Online Australian Information Warfare and Security Conference Security Research Institute Conferences 2010 Success of Agile Environment in Complex Projects Abbass Ghanbary

More information

HOW TO USE THE DGI DATA GOVERNANCE FRAMEWORK TO CONFIGURE YOUR PROGRAM

HOW TO USE THE DGI DATA GOVERNANCE FRAMEWORK TO CONFIGURE YOUR PROGRAM HOW TO USE THE DGI DATA GOVERNANCE FRAMEWORK TO CONFIGURE YOUR PROGRAM Prepared by Gwen Thomas of the Data Governance Institute Contents Why Data Governance?... 3 Why the DGI Data Governance Framework

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

QUALITY ASSURANCE IN EXTREME PROGRAMMING Plamen Balkanski

QUALITY ASSURANCE IN EXTREME PROGRAMMING Plamen Balkanski International Journal "Information Theories & Applications" Vol.10 113 QUALITY ASSURANCE IN EXTREME PROGRAMMING Plamen Balkanski Abstract: Our previous research about possible quality improvements in Extreme

More information

Adapting Extreme Programming For A Core Software Engineering Course

Adapting Extreme Programming For A Core Software Engineering Course Adapting Extreme Programming For A Core Software Engineering Course Anuja Shukla Department of Computer Science North Carolina State University Raleigh, NC 27695-7534 ashukla@unity.ncsu.edu Dr. Laurie

More information

Software Quality and Assurance in Waterfall model and XP - A Comparative Study

Software Quality and Assurance in Waterfall model and XP - A Comparative Study Software Quality and Assurance in Waterfall model and XP - A Comparative Study Dr. Sana a Jawdat Khalaf Sana_j_11@hotmail.com Dr. Mohamed Noor Al-Jedaiah m_aljedaiah@ammanu.edu.jo Abstract: -Dealing with

More information

Agile Software Development with Scrum. Jeff Sutherland Gabrielle Benefield

Agile Software Development with Scrum. Jeff Sutherland Gabrielle Benefield Agile Software Development with Scrum Jeff Sutherland Gabrielle Benefield Agenda Introduction Overview of Methodologies Exercise; empirical learning Agile Manifesto Agile Values History of Scrum Exercise:

More information

On the Productivity of Agile Software Practices: An Industrial Case Study

On the Productivity of Agile Software Practices: An Industrial Case Study On the Productivity of Agile Software Practices: An Industrial Case Study Frank Maurer & Sebastien Martel University of Calgary Department of Computer Science Calgary, Alberta, Canada, T2N 1N4 {Maurer,

More information

As the use of agile approaches

As the use of agile approaches What Does a Business Analyst Do on an Agile Project? By Kent J. McDonald Senior Instructor, B2T Training As the use of agile approaches increases, business analysts struggle to determine how their role

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Name of pattern types 1 Process control patterns 2 Logic architectural patterns 3 Organizational patterns 4 Analytic patterns 5 Design patterns 6

Name of pattern types 1 Process control patterns 2 Logic architectural patterns 3 Organizational patterns 4 Analytic patterns 5 Design patterns 6 The Researches on Unified Pattern of Information System Deng Zhonghua,Guo Liang,Xia Yanping School of Information Management, Wuhan University Wuhan, Hubei, China 430072 Abstract: This paper discusses

More information

Job Satisfaction and Motivation in a Large Agile Team

Job Satisfaction and Motivation in a Large Agile Team Job Satisfaction and Motivation in a Large Agile Team Bjørnar Tessem 1, and Frank Maurer 2 1 Department of Information Science and Media Studies, University of Bergen, NO-5020 Bergen, Norway bjornar.tessem@uib.no

More information