How does security fit with engineering?
As interest in software security increases, savvy security organizations are determining how to integrate security into the way they build software. However, the reality of software development in many organizations is complex. Sometimes development is part of the traditional IT organization, but more often software development teams report to individual business units. Sometimes a standard Software Development Lifecycle (SDLC) is used, but more often each development team has its own way of building software. In almost every case, a particular software process is defended with religious zeal. All these factors make integrating security into software development an interesting challenge.
By Gary McGraw at Network Magazine.
[ Read more ]