Delivering Security in an Agile World

Post on 10-Feb-2017


7 things to remember to ensure the software you’re developing is secure.

Imagine you’re running a shipping business…

To explain how best to fit security into your Agile development process without slowing the work down, let's compare it to a shipping service.

So, instead of delivering software, imagine you’re now delivering packages—really important packages.

Get your priorities straight.

Each package represents a feature that someone wants in your software. Some are very important and must be delivered ASAP. Others can wait for a future delivery.

Keep on keepin’ on.

A driver that delivers packages to the right addresses, on time, without losing or breaking them is like a software development team that delivers a well-defined set of features by the pre-determined release date. To keep to the schedule, adjust as you go rather than backtracking.

Don’t cram the van, man.

When selecting what items to deliver each day, it's important to remember that the van can only carry so much stuff at a time. Likewise, Agile development teams have a notion of "how big the van is."

A sprint is no more stretchable than the sides of a delivery van.

If all your eggs don’t fit in one basket…

If someone orders a dozen eggs, but you can only fit ten in the van, take ten now and two later. Likewise, if a feature is too big for a sprint, break it up across several sprints.

You can't deliver half an egg (without getting really messy). Likewise, there are limits to how far some features can be broken down.

Handle with care.

Taking the time to fill the empty space in each box with packing peanuts is worth the extra effort. It'll save you the cost and time it takes to replace a broken item. Likewise, building security into your SDLC will reduce the time and money it takes to implement corrections in future sprints.

The pile of replacement items that still have to be delivered, the corrections you put off, is what software teams call "technical debt."

When life gives you golf balls…

Giving your development team a code scanning report with 25,000 results is like giving them a crate of 25,000 golf balls and asking them to ship each one individually. It's absurdly inefficient.

Security issues should be packaged in a way that makes them easier for developers to deliver: duplicates removed, related findings grouped, and the most important fixes first.

Put the pedal to the metal.

Here are 3 tips to help you deliver security successfully in an Agile world.

1. Security needs to meet the developers where they work. Provide security assessment results in a format that is consumable by the development team.

2. Agile software development methods work. If you put security on your development team's list of goals, they will build the things that get them there.

3. The goal is to create secure software. There is no need to make security artifacts for the sake of making security artifacts.
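The golf-ball problem and tip 1 come down to the same thing: raw scanner output has to be packaged before it is developer-sized work. The following is an added example, not code from the original deck, of one way to do that in Python. It drops exact repeats, filters out-of-scope paths and sub-threshold severities, groups what is left into one work item per rule with a per-file tally, and then loads the items into a sprint of fixed capacity, splitting an item across files when it does not fit whole (the eggs-and-van rule). The Finding layout, rule names, severity scale, ignored-path policy and the one-point-per-file effort heuristic are assumptions, and the findings are constructed.

```python
"""Package raw scanner results into a short list of developer-sized work items.
Added example; Finding layout, rules, severities, paths and effort are assumed."""
from collections import defaultdict
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
IGNORED_PREFIXES = ("vendor/", "test/", "generated/")  # assumed team policy


@dataclass(frozen=True)  # frozen -> hashable, so exact repeats can be dropped
class Finding:
    rule: str
    severity: str
    path: str
    line: int


@dataclass
class WorkItem:
    """One ticket-sized unit: a single rule, with findings tallied per file."""
    rule: str
    severity: str
    per_file: dict  # path -> number of distinct findings in that file

    @property
    def count(self):
        return sum(self.per_file.values())

    @property
    def points(self):
        # Effort heuristic (assumption): one fix per affected file; further
        # occurrences in the same file ride along with it.
        return len(self.per_file)

    def split(self, n_files):
        """Two items: the n_files with the most findings now, the rest later."""
        order = sorted(self.per_file, key=lambda p: (-self.per_file[p], p))
        head = {p: self.per_file[p] for p in order[:n_files]}
        tail = {p: self.per_file[p] for p in order[n_files:]}
        return WorkItem(self.rule, self.severity, head), WorkItem(self.rule, self.severity, tail)


def deduplicate(findings):
    """Drop exact repeats (same rule, path and line), keeping the first of each."""
    return list(dict.fromkeys(findings))


def package(findings, min_severity="low"):
    """One work item per rule from the distinct, in-scope findings, sorted
    highest severity first and broadest item first among equals."""
    floor = SEVERITY_RANK[min_severity]
    by_rule = defaultdict(list)
    for f in deduplicate(findings):
        if f.path.startswith(IGNORED_PREFIXES) or SEVERITY_RANK[f.severity] < floor:
            continue
        by_rule[f.rule].append(f)
    items = []
    for rule, group in by_rule.items():
        per_file = defaultdict(int)
        for f in group:
            per_file[f.path] += 1
        worst = max(group, key=lambda f: SEVERITY_RANK[f.severity]).severity
        items.append(WorkItem(rule, worst, dict(per_file)))
    items.sort(key=lambda w: (-SEVERITY_RANK[w.severity], -w.count, w.rule))
    return items


def plan_sprint(items, capacity):
    """Fill the van in priority order; an item that spans several files but
    does not fit whole is split so part of it ships now and the rest later."""
    taken, deferred = [], []
    for item in items:
        if item.points <= capacity:
            taken.append(item)
            capacity -= item.points
        elif capacity > 0 and item.points > 1:
            now, later = item.split(capacity)
            taken.append(now)
            deferred.append(later)
            capacity = 0
        else:
            deferred.append(item)
    return taken, deferred


# Constructed sample scan output (hypothetical files and rule names).
RAW_FINDINGS = [
    Finding("sql-injection", "high", "app/orders.py", 42),
    Finding("sql-injection", "high", "app/orders.py", 42),  # exact repeat
    Finding("sql-injection", "high", "app/orders.py", 88),
    Finding("sql-injection", "high", "app/reports.py", 17),
    Finding("hardcoded-secret", "critical", "app/config.py", 3),
    Finding("weak-hash", "medium", "app/auth.py", 120),
    Finding("weak-hash", "medium", "app/legacy.py", 9),
    Finding("weak-hash", "medium", "app/legacy.py", 30),
    Finding("xss", "medium", "app/views.py", 55),
    Finding("xss", "medium", "app/views.py", 60),
    Finding("xss", "medium", "app/admin.py", 12),
    Finding("xss", "medium", "app/search.py", 70),
    Finding("unused-import", "info", "app/views.py", 1),  # below the floor
    Finding("sql-injection", "high", "vendor/orm/query.py", 5),  # ignored path
    Finding("weak-hash", "medium", "test/test_auth.py", 8),  # ignored path
]

if __name__ == "__main__":
    now, later = plan_sprint(package(RAW_FINDINGS), capacity=4)
    print("this sprint:", [(w.rule, w.per_file) for w in now])
    print("next sprint:", [(w.rule, w.per_file) for w in later])
```

Run on the constructed input, the fifteen raw results collapse to four work items; with a capacity of four points the critical and high items ship whole, the XSS item is split so its busiest file goes now, and the weak-hash item waits for the next sprint. The heuristics are the part to tune to your own scanner and team; the structure (dedupe, filter, group, rank, fit to capacity) is what turns a crate of golf balls into deliverable packages.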
