Hi,
Agile development is spreading fast. I have discussed with many
agile/Scrum developers and consultants and asked about security
integration. I have got mostly vague answers about general quality
enhancements, trusting the team and of course pointers to security
critical applications they have developed.
I know about Microsoft SDL guidelines w/ agile development guidelines.
The best practical presentation I've seen comes from Nokia, now also
presented at OWASP,
http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf
I've also discussed agile/security integration with other
security professionals and software developers. For example, we had a
good meeting with nice security/developer mix arranged by Agile Finland
and Finnish Information Security Association. Discussion results
available here,
http://confluence.agilefinland.com/display/af/Secure+software+development+and+agile+methods+-+notes
Now, if anyone could share some *real world* experiences of how to make
agile/Scrum + security succeed without paralysing the agile team, I
would very much like to hear.
What works, what doesn't? How to start? Which tasks/tools give the most benefit?
All other insights are welcome also.
Regards,
Jari
--
Jari Pirhonen
@japi999
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________