HackDig : Dig high-quality web security articles for hackers

New Research Paper: Secure Agile Development

2014-11-07 21:55

Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services. On the other hand, the #1 job for software developers is to deliver code faster and more efficiently, with security placing a distant second. Although both security professionals and developers may be tasked with security, finding the best way to embed security into the software development lifecycle (SDLC) is not an easy challenge.

Agile frameworks have become the new foundation for code development, with an internal focus on ruthlessly rooting out tools and techniques that don’t fit into this type of development. This means that secure development practices, just like every other facet of development, must fit within the Agile framework – not the other way around. In this paper we offer an outline for security folks to understand development teams' priorities and how they work, and practical ways to work together so both teams work within the Agile software methodology. Here is an excerpt:

Over the past 15 years, the way we develop software has changed completely. Development processes evolved from Waterfall, to rapid development, to extreme programming, to Agile, to Agile with Scrum, to our current darling: DevOps. Each evolutionary step was taken to build better software by improving the software building process. And each step embraced changes in tools, languages, and systems to encourage increasingly agile processes, while discouraging slower and more cumbersome processes.

The fast flux of development evolution gradually deprecated everything that impeded agility … including security. Agile had an uneasy relationship with security because its facets which promoted better software development (in general) broke existing techniques for building security into code. Agile frameworks are the new foundation for code development, with an internal focus on ruthlessly rooting out tools and techniques that don’t fit the model. So secure development practices, just like every other facet of development, must fit within the Agile framework — not the other way around.

We are also proud that Veracode has asked to license this content; without support like this we could not bring this quality of research to you free of charge or registration. As with all of our research, if you have questions or comments, we encourage you to comment on the blog, as the open discussions help the community at large.

For a copy of the research, you can download the PDF here, or you can get a copy from our research library page on Secure Agile development.

- Adrian Lane


Source: www.securosis.com/blog/new-paper-secure-agile-development
