Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015.

Published byKimberly Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015."— Presentation transcript:

1 Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015

2 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 2

3 Introduction KU MSIT student Software engineer at Garmin Father of 3 (4) 3

4 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 4

5 Challenges of software development Easy or hard? Easy when small, working alone When the project, code base, number of contributors increase -> HARD 5

6 Challenges of software development Complex systems Requirement changes Deadlines Task switching Changing priorities External dependencies 6

7 Preparing for complexity & change Experienced software engineer Software engineering approaches – Modularization – Abstraction – Object orientation Most important – Need Structure 7

8 Structure Formal methods Agile methodology FM & AM combined 8

9 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 9

10 Formal methods Mathematical approach to software development from the requirements specification onward Important when safety and security are important Can be used to derive a proof (great cost) 10

11 Aspects of formal methods Create models before coding Use modeling language with fixed grammar – Analogous to converting a word problem into algebraic notation Framework for rigorous testing 11

12 Teaching formal methods Learning to read formal specification easier than writing them Reading is necessary for entire team Writing formal requirements require highly trained people 12

13 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 13

14 Agile methodology True agile – Many teams claiming to do agile software development are only adopting Scrum for project management – True agile is formally defined TDD Refactoring Pair programming Simple design 14

15 Agile development Individuals and interactions over process and tools Rapid response to change Requirements and solution evolve together over time 15

16 Agile development Individuals and interactions over process and tools – The most important resource is the people Produce better work More committed to the project 16

17 Agile development Rapid response to change – Quick (next sprint) changes based on customer feedback 17

18 Agile development Requirements and solution evolve together over time – Documentation comes from story planning and development 18

19 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 19

20 Formal agility Contrasting model? Use modern tools for re-proof when system is changed – RODIN – Alloy Analyzer Agile developers can benefit from training in formal methods 20

21 Friends not foes Formal methods can’t be avoided – Programming languages have formal semantics – Coding standards are language subsets Tools within IDEs have analysis tools that run in the background Add value to agile as a sanity check and safety net 21

22 Formal agile development Individuals and interactions over process and tools – Once you have the right people tools and processes are still important – Most will benefit from tools and processes that embody wisdom gained by previous projects 22

23 Formal agile development Rapid response to change – Formal methods help form better basis for predicting consequences of major change – When models are adjusted the associated verification also needs to be redone 23

24 Formal agile development Requirements and solution evolve together over time – Ok for smaller shorter projects, especially internal ones – Multi-year, multi-team, large scale projects benefit from well defined models to avoid renegotiations 24

25 Formality adds value to agile Testing Requirements Refactoring Documentation 25

26 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 26

27 Security Agile development focuses on user stories – Provide “happy path” for testing Security preparation is generally not part of the backlog – Stories are to satisfy the customer – Prioritize primary business value first 27

28 Adding security to agile Evil stories – Describe functionality that an attacker would be able to exploit – Development becomes two dimensional Implement user stories Avoid implementing evil stories Protection poker – Security risks are quantified by the agile team 28

29 Adding security to agile Agile principles to propagate security knowledge – Pair programming – Certification – Mandating security review in each sprints retrospective 29

30 Adding security to agile Microsoft Secure Development Lifecycle (SDL) Agile categories – Every sprint Running automated security-analysis tools Updating threat model – Bucket requirements Response planning – One-time requirements Base-line threat model 30

31 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 31

32 Software evolution Real software systems continually evolve (or die) – New requirements – New functionalities 32

33 Software evolution Start with formal specification Iterate with new ideas 33

34 Formal software evolution Project made from formal definition evolve better – New/different people working on maintenance project – Questions of design or regressions 34

35 Outline Introduction Challenges of software development Formal methods Agile methods Formal agility Security Evolution Conclusions 35

36 Conclusions Agile and formal methods can be friends Project types dictate what part of any methodology is chosen 36

37 References Bowen, J., Hinchey, M., Janicke, H., Ward, M., & Zedan, H. (2014, Oct). Formality, Agility, Security, and Evolution in Software Development. Computer, IEEE, 47(10), 86-89. Black, S.; Boca, P.P.; Bowen, J.P.; Gorman, J.; Hinchey, M., "Formal Versus Agile: Survival of the Fittest," Computer, vol.42, no.9, pp.37,45, Sept. 2009 P.G. Larsen, J. Fitzgerald, and S. Wolff, “Are Formal Methods Ready for Agility? A Reality Check,” Proc. 2nd Int’l Workshop Formal Methods and Agile Methods (FM+AM 10), vol. P-179, 2010, pp. 13–25. 37

38 Formality, Agility, Security, and Evolution in Software Development Thank you for your time Questions and feedback are welcome 38

Download ppt "Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015."

Similar presentations

Jeremy S. Bradbury, James R. Cordy, Juergen Dingel, Michel Wermelinger

Jeremy S. Bradbury, James R. Cordy, Juergen Dingel, Michel Wermelinger
SDL in an Agile World MSSD-3 третья по счету конференция, посвященная всестороннему обсуждению популярной и важной темы – минимизация уязвимостей программного.

SDL in an Agile World MSSD-3 третья по счету конференция, посвященная всестороннему обсуждению популярной и важной темы – минимизация уязвимостей программного.
AGILE DEVELOPMENT Outlines : Quick Look of agile development Agility

AGILE DEVELOPMENT Outlines : Quick Look of agile development Agility
PROC-1 3. Software Process. PROC-2 What’s a process? Set of activities in creating software It involves creativity –hard to automate –Requires human judgment.

PROC-1 3. Software Process. PROC-2 What’s a process? Set of activities in creating software It involves creativity –hard to automate –Requires human judgment.
CS487 Software Engineering Omar Aldawud

CS487 Software Engineering Omar Aldawud
Interoperability. What is testing? Where have we come from? Where are we now? Why is nFocus at MSAIC? Overview.

Interoperability. What is testing? Where have we come from? Where are we now? Why is nFocus at MSAIC? Overview.
Software Processes Coherent sets of activities for specifying, designing, implementing and testing software systems.

Software Processes Coherent sets of activities for specifying, designing, implementing and testing software systems.
Agenda −Scrum with TFS 2010 using MSF for Agile 5.0 −Planning the Project −How do you plan the project? −Project planning in TFS 2010 −Planning a Sprint.

Agenda −Scrum with TFS 2010 using MSF for Agile 5.0 −Planning the Project −How do you plan the project? −Project planning in TFS 2010 −Planning a Sprint.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Alternative Software Life Cycle Models By Edward R. Corner vol. 2, chapter 8, pp. 289-299 Presented by: Gleyner Garden EEL6883 Software Engineering II.

Alternative Software Life Cycle Models By Edward R. Corner vol. 2, chapter 8, pp Presented by: Gleyner Garden EEL6883 Software Engineering II.
Alternate Software Development Methodologies

Alternate Software Development Methodologies
Clinton Keith CTO, High Moon Studios Agile Methodology in Game Development: Year 3.

Clinton Keith CTO, High Moon Studios Agile Methodology in Game Development: Year 3.
Agile Project Management with Scrum

Agile Project Management with Scrum
Agile development By Sam Chamberlain. First a bit of history..

Agile development By Sam Chamberlain. First a bit of history..
Review: Agile Software Testing in Large-Scale Project Talha Majeed COMP 587 Spring 2011.

Review: Agile Software Testing in Large-Scale Project Talha Majeed COMP 587 Spring 2011.
Chapter 6 The Process of Interaction Design Presented by: Kinnis Gosha, Michael McGill, Jamey White, and Chiao Huang.

Chapter 6 The Process of Interaction Design Presented by: Kinnis Gosha, Michael McGill, Jamey White, and Chiao Huang.
©Ian Sommerville 2000 Software Engineering, 6th edition Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing.

©Ian Sommerville 2000 Software Engineering, 6th edition Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing.
Computer Engineering 203 R Smith Agile Development 1/2009 1 Agile Methods What are Agile Methods? – Extreme Programming is the best known example – SCRUM.

Computer Engineering 203 R Smith Agile Development 1/ Agile Methods What are Agile Methods? – Extreme Programming is the best known example – SCRUM.
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
SCRUM Software Development Process. Background “Scrum” A rugby term “describes a play in rugby in which the two sets of forwards mass together around.

SCRUM Software Development Process. Background “Scrum” A rugby term “describes a play in rugby in which the two sets of forwards mass together around.

Similar presentations

Ads by Google