| Title | Agile Security; or, How to Defend Applications with Five-Day-Long Release Cycles |
| Type | Paper |
| Tags | secure development |
| Abstract | Some security experts would have you believe that it is "impossible" to implement secure development practices in organizations using Agile development methodologies. Admittedly, the use of Agile does pose some challenges to traditional Security Development Lifecycle (SDL) processes—challenges such as meteorically short release cycles, infinitely long product lifetimes (as in the case of cloud applications), and a general You-Ain't-Gonna-Need-It aversion to planning mentality. However, despite these challenges, securing Agile projects is not impossible. SDL and Agile can be made to work well together, and in many ways they can actually work better together than they can separately. This session will detail the process changes that the Microsoft SDL team has made to improve the applicability of the SDL to Agile development methodologies. We will discuss key challenges faced in adapting secure development practices to Agile and how they were overcome, and we will discuss inherent strengths of Agile that work exceptionally well with the SDL and can potentially lead to a best-of-both-worlds scenario. |
| Authors | Bryan Sullivan |
| Submitted | May 24, 2010 |
| Event | Black Hat DC 2010 |
| Download |
| Source | BlackHat-DC-2010-Sullivan-SDL-Agile-wp.pdf |
| Size | 271.5 KB |
| MD5 | be914d67a7ec4b6583dc19066aec04c3 |
| SHA1 | 6d131128aea3c266fda82570eb211272954f44d1 |