Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All high quality, updated daily, with the security crap documents left out. Spreading hacking knowledge, for free. Enjoy.

Agile Security; or, How to Defend Applications with Five-Day-Long Release Cycles

Type: Paper
Tags: secure development
Authors: Bryan Sullivan
Event: Black Hat DC 2010
Indexed on: Mar 26, 2013
URL: http://www.blackhat.com/presentations/bh-dc-10/Sullivan_Bryan/BlackHat-DC-2010-Sullivan-SDL-Agile-wp.pdf
File name: BlackHat-DC-2010-Sullivan-SDL-Agile-wp.pdf
File size: 271.5 KB
MD5: be914d67a7ec4b6583dc19066aec04c3
SHA1: 6d131128aea3c266fda82570eb211272954f44d1

Some security experts would have you believe that it is "impossible" to implement secure development practices in organizations using Agile development methodologies. Admittedly, the use of Agile does pose some challenges to traditional Security Development Lifecycle (SDL) processes: meteorically short release cycles, infinitely long product lifetimes (as in the case of cloud applications), and a general You-Ain't-Gonna-Need-It aversion to planning. However, despite these challenges, securing Agile projects is not impossible. SDL and Agile can be made to work well together, and in many ways they can actually work better together than they do separately. This session will detail the process changes that the Microsoft SDL team has made to improve the applicability of the SDL to Agile development methodologies. We will discuss the key challenges faced in adapting secure development practices to Agile and how they were overcome, and we will discuss the inherent strengths of Agile that work exceptionally well with the SDL and can potentially lead to a best-of-both-worlds scenario.

About us

Secdocs is a project aimed at indexing high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and, more generally, the interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
