Agile Processes in Software Engineering and Extreme Programming- P9:“The Program Commitee of XP 2000 invites you to participate in this meeting of software development researchers, professionals, educators, managers, and students. The conference brings together people from industry and academia to share experiences and ideas and to provide an archival source for important papers on flexible process-related topics. | 228 X. Ge et al. such as XP. Improving the security awareness of the whole project team is obviously important. The practice of security training is focused on improving organisational security capabilities and providing appropriate technical knowledge. In addition to security professionals or experts the human roles involved in an software project can be classified into Stakeholders including several roles in XP customers coaches trackers and manager. They then- provide the stories that formthe metaphor of the developmend snd amoer tubsequent questions. - Developers including - . o. . pork from the requiremenVe of ttakeholOort o hdeueUy oopvrts watt itu . he- livering an appooesieeo tvrtsm. The requirements uf seeurily training vary for different roles. Training for stakeholders are the more general focusingon how to rrspeeU securiiy erlicies when requesting new frmutlopollty and olSimafhlowOen eum. thesysSem. Devri-opers need technical traimny for rom-Ue STutumorchiteytTSbs explymmhbullt-m or add-on security ylsunppdttommo rhet .tablet Uhemto modify existing mechyetsms yndto design end treUoV ituu mechenlsmt where necessary. System attacks rarely create security holes they simply exploit existing ones. Unidentified security ure Irt T silie jtvor rvftwasede-sign and implementetion wlulrttoe oxpkrfrotiou rf kltreiTiul the result of poor rifoausesbmeet tmpfovmgkhu security knoplodge m duwoi Ut ness of developers it . . .host v. . eisks. Hotever eo-hanced security awareness .ypreiect paettolpopts v not normohy a suffiden- substitute for a seturity leadintht ioo u opiu hlu A ueourityspeciuhft brings deep security issues and of software development and acts as a resource for I heilawlo oekO team. .tooio csset thr ncurity rpeoi -0 i ot takes a role of coachmtye psyjoai. 4 FundamentalAryhiaeoaure Software security iy e s rido loene tukes rnto - .oth .