AgileAndSecure.com was featured on TheServerSide.net based on my presentation at last week's OWASP AppSec 2006 conference. The actual article is on SearchAppSecurity.com.
The article is great. I do have a question and would like to know what your thoughts are. The title seems to suggest that Agile developers generally ignore security. This might upset senior developers. Some senior developers and teams might already just write secure code. Also, are there any studies that suggest other development strategies like waterfall take security into account?
Posted by: Anand Rajagopal | October 26, 2006 at 09:54 AM
I believe that developers and development groups in general tend to ignore security. That is not the case for everyone, but if you look across the industry I think that it is fair to say that security is not a primary concern in a lot of organizations.
Hopefully senior developers will have the experience and perspective to integrate security into their designs and code. My concern is that in Agile projects you need to have security applied consistently - it can't just be the responsibility of one or two folks. Everyone has to have a base level of knowledge so code can have shared ownership.
As I mentioned above I think the industry average for secure development is pretty bad, but in Waterfall methodologies it is easier to implement SDL-like, command-and-control security. Because of the reduced documentation in Agile projects and the acceptance of change it can be a challenge to promote a unified vision of the system's security.
Posted by: Dan Cornell | October 26, 2006 at 07:29 PM