Agile processes play an important role in the author's undergraduate course in software engineering. The course is a required course for undergraduate majors in Computer Science. Agile processes, like eXtreme Programming (XP), have been criticized for not providing a good framework for building secure software. The course begins by covering what some people have called "the war" between the traditional waterfall process folks and the agile process folks. After students are given an introduction to various processes on both sides of "the war" (with an emphasis on PSP, CMMI and XP) and after students are introduced to basic concepts about how to make software systems more secure (drawing heavily on Viega and McGraw's book Building Secure Software), the course turns its attention to how XP (in particular) can be made more secure. This topic generates a lot of enthusiasm among the students. The students seem to enjoy the challenge of creating new ideas to improve the manner in which XP addresses security issues. Students have come up with many creative and stimulating ideas about how eXtreme Programming can be made more secure without the necessity for what some have called "big up front design". This paper presents some of the creative ideas students have come up with regarding this issue and discusses the team projects that give students the opportunity to explore security issues for agile processes in some depth.