There’s no question that agile development methods, which emphasize collaboration and shorter, iterative development cycles, are ascendant. Many factors contribute to agile’s growing popularity, from constrained budgets to increased user demands for features and accountability.
Though traditionally associated with small and nimble software and services startups, agile methodology has been embraced by organizations across industry verticals – many (like John Deere) whose names don’t scream “app store” or “Silicon Valley Startup.”
But if agile is here to stay, a nagging question is how to pivot to agile’s fast-paced and iterative release schedules without skimping on important areas like code security. After all, the conventional wisdom is that security slows things down: imposing time- and labor-intensive code audits and testing on the otherwise results-driven development cycle.
Fortunately, agile and secure development aren’t mutually exclusive. Tomorrow (Thursday), the Security Ledger and Veracode will collaborate on a Hangout and discussion of how to build, automate and deliver secure software using the agile methodology.
I’ll be moderating the discussion. Joining me will be Maria Loughlin, a Vice President of Engineering at Veracode, and Rob Curtis, Veracode’s head of quality assurance. Both Maria and Rob bring a wealth of agile experience and expertise to the conversation.
Among the things we will be discussing are:
- Practical steps to adapt and automate secure coding and security testing processes to better fit the agile scrum methodology.
- Strategies for making security central to development and testing processes within Veracode.
- Best practices for incorporating security tasks into developer workflows.
- Approaches to scaling security programs using developer training and ‘security champions.’
As always: we’ll give participants the chance to…well…participate. You can pose questions to Maria and Rob. Think of it kind of like a free consultation from two experienced agile development and security experts.
This is a great opportunity for developers and engineering teams, as well as IT and security staff. Use the link provided to register. We look forward to seeing you there!