delivering security in an agile world
TRANSCRIPT
Delivering Security in an Agile World
7 things to remember to ensure the software you’re developing is secure.
Imagine you’re running a shipping business…
To explain how to best fit security into your Agile development process without slowing down the works, let’s compare it to a shipping service.
So, instead of delivering software, imagine you’re now delivering packages—really important packages.
Get your priorities straight.
Each package represents a feature that someone wants in your software. Some are very important and must be delivered ASAP.
Others can wait for a future delivery.
Keep on keepin’ on.
A driver that delivers packages to the right addresses, on time, without losing them or breaking them is like a software development team that delivers a well-defined set of features by the pre-determined release date. To keep to the schedule, change things as you go rather than backtracking.
Don’t cram the van, man.
When selecting what items to deliver each day, it’s important to remember that the van can only carry so much stuff at a time. Likewise, Agile development teams have a notion of “how big the van is.”
A sprint is no more stretchable than the sides of a delivery van.
If all your eggs don’t fit in one basket…
If someone orders a dozen eggs, but you can only fit ten in the van, take ten now and two later. Likewise, if a feature is too big for a sprint, break it up into several sprints.
You can’t deliver half an egg (without getting really messy). Likewise, there are limits to how some features can be broken down.
Handle with care.
Taking the time to fill the empty space in each box with packing peanuts is worth the extra effort. It’ll save you the cost and time it takes to replace a broken item. Likewise, building security into your SDLC will reduce the time and money it takes to implement corrections in future sprints.
The accumulation of replacement items that need to be delivered is called “technical debt.”
When life gives you golf balls…
Giving your development team a code scanning report with 25,000 results is like giving them a crate of 25,000 golf balls and asking them to ship each one individually. It’s absurdly inefficient.
Security issues should be packaged in a way that makes it easier for developers to deliver.
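One way to do that packaging, shown here as an added example that is not part of the original piece: a small Python script that collapses a raw scan report into one work item per rule and file, drops exact duplicates, and orders the items by severity and spread. The finding layout and the sample findings are constructed for the example, not any particular scanner's real output.

```python
from collections import defaultdict

# Constructed sample of raw scanner output (not from any real tool or project):
# one dict per finding, the flat shape a SAST report usually reduces to.
RAW_FINDINGS = [
    {"rule": "sql-injection", "severity": "high", "file": "app/db.py", "line": 42},
    {"rule": "sql-injection", "severity": "high", "file": "app/db.py", "line": 88},
    {"rule": "sql-injection", "severity": "high", "file": "app/db.py", "line": 42},  # exact duplicate
    {"rule": "hardcoded-secret", "severity": "critical", "file": "app/config.py", "line": 7},
    {"rule": "weak-hash-md5", "severity": "medium", "file": "app/auth.py", "line": 15},
    {"rule": "weak-hash-md5", "severity": "medium", "file": "app/auth.py", "line": 31},
    {"rule": "weak-hash-md5", "severity": "medium", "file": "app/legacy.py", "line": 9},
    {"rule": "debug-enabled", "severity": "low", "file": "app/settings.py", "line": 3},
]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def package_findings(findings, min_severity="low"):
    """Collapse raw findings into one work item per (rule, file).

    Duplicates are dropped, the affected line numbers are collected on the
    item, and the list is ordered so the first item is the one a developer
    should pick up first: highest severity, then most occurrences.
    Findings below min_severity stay out of this sprint's delivery.
    """
    floor = SEVERITY_RANK[min_severity]
    lines_by_key = defaultdict(set)
    severity_by_key = {}
    for f in findings:
        rank = SEVERITY_RANK[f["severity"]]
        if rank < floor:
            continue  # below the agreed bar; leave it in the backlog
        key = (f["rule"], f["file"])
        lines_by_key[key].add(f["line"])
        # Keep the worst severity seen for this rule/file pair.
        if rank > SEVERITY_RANK.get(severity_by_key.get(key, "info"), 0):
            severity_by_key[key] = f["severity"]
    items = [
        {"rule": rule, "file": path, "severity": severity_by_key[(rule, path)],
         "lines": sorted(lines), "count": len(lines)}
        for (rule, path), lines in lines_by_key.items()
    ]
    items.sort(key=lambda i: (-SEVERITY_RANK[i["severity"]], -i["count"], i["file"]))
    return items


if __name__ == "__main__":
    for item in package_findings(RAW_FINDINGS):
        print(f'[{item["severity"]}] {item["rule"]} in {item["file"]} '
              f'({item["count"]} spots: {item["lines"]})')
```

Eight raw findings become five work items, and raising min_severity to "medium" leaves four; the same grouping applied to a 25,000-result report is what turns a crate of golf balls into a handful of deliverable boxes.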
Put the pedal to the metal.
Here are 3 tips to help you deliver security successfully in an Agile world.
1. Security needs to meet the developers where they work. Provide security assessment results in a format that is consumable by the development team.
2. Agile software development methods work. If you put security on your development team’s list of goals, they will build what gets them there.
3. The goal is to create secure software. There is no need to make security artifacts for the sake of making security artifacts.