Software security guidance for Agile practitioners
Posted on 20 July 2012.
SAFECode released a paper that provides practical software security guidance to Agile practitioners in the form of security-focused stories and security tasks they can easily integrate into their Agile-based development environments.

"A number of SAFECode members recognized the natural tension between the dynamic nature of Agile development methodologies and more formalized processes for secure software development. After working on various ways we could better insert the most important elements of the security process into a standard Agile development process, we came up with this relatively simple approach of presenting security-focused stories with associated security tasks, alongside operational security tasks and those that most often require the support of a security expert," said Vishal Asthana, Senior Principal Software Engineer, Product Security Group, Symantec.

In an Agile development process, necessary changes are incorporated in a dynamic fashion. Cycles (sprints) are very short, usually no more than two to four weeks, which makes it extremely difficult for software development teams to comply with long lists of security assurance tasks.

This paper addresses this challenge by translating secure development practices into a language and format that Agile practitioners can more readily act upon as part of a standard Agile methodology.

To further simplify things, the paper breaks the recommended security tasks down by role, including architects, developers and testers, and separately lists the tasks that most often require the specialized skills of security experts.

"SAFECode has dedicated significant resources to evaluating and improving the secure development process based on the experiences of its members in real-world implementations," said Stacy Simpson, policy and communications director, SAFECode.

"Though presented in a list format, this paper is an extension of our commitment to our process-based approach. Our goal is to present key elements of that process in a way that can be more readily acted upon by Agile practitioners. We hope that this paper will be useful to organizations that use, or plan to use, Agile methods and wish to incorporate security or enhance existing security tasks in their development process," Simpson added.
