Method Selection and Tailoring for Agile Threat Assessment and Mitigation

Security engineering and agile development are often perceived as a clash of cultures. To address this clash, several approaches have been proposed that allow for agile security engineering. Unfortunately, agile development organization differ in their actual procedures and environmental properties resulting in varying requirements. We propose an approach to compare and select methods for agile security engineering. Furthermore, our approach addresses adaptation or construction of a tailored method taking the existing development culture into account. We demonstrate the feasibility of our proposal and report early experiences from its application within a small development organization for digital solutions in the automotive domain.