
The Latest Agile Topics

Process Debt Is Something You Should Care About
Process debt is the implied cost of having to perform additional work or actions caused by not having the right elements in place.
November 29, 2022
by Ramon Felip
· 7,058 Views · 4 Likes
How to Not Screw Up Your Product Strategy
In this article, review common problems with product strategies, and also explore how to craft a product strategy that avoids these problems.
November 28, 2022
by Jade Rubick CORE
· 2,864 Views · 1 Like
5 Vital Steps in Successfully Setting Up Your Startup QA Process
How should you test your product before launch? What are the best tools and techniques for startup QA? This article answers those questions and more.
November 28, 2022
by Alister Esam
· 4,245 Views · 1 Like
36 Questions to Ask Your Future Software Employer
“Do you have any questions for us?” the interviewer asks. This is your chance to find out if the company is a good fit for YOU.
November 26, 2022
by Tomas Fernandez
· 5,986 Views · 4 Likes
12 Essential Skills Your ReactJS Developers Should Have
Read our in-depth recruiting guide to discover the greatest React skills for your team. This guide will explain the crucial React JS developer abilities.
November 25, 2022
by Nisarg Mehta
· 9,090 Views · 1 Like
Utilize These Detection-as-Code Best Practices
Does your security team have a modern approach to threat detection? Or are you still trying to keep pace using legacy systems of the past?
November 24, 2022
by Jack Naglieri
· 7,593 Views · 2 Likes
A Comprehensive List of Agile Methodologies and How They Work
This article is a comprehensive list of the Agile methodologies and what they do. It will get you up to speed with the most common Agile methodologies.
November 24, 2022
by Alister Esam
· 5,513 Views · 2 Likes
Shift Left: Value Creation in Scrum
Value creation in Scrum is not as straightforward as you might have thought
November 21, 2022
by Stefan Wolpers CORE
· 2,971 Views · 3 Likes
Scrum Tools and Practices to Enhance an Incomplete Framework
Part 1: Stakeholder Collaboration and Team Building.
November 15, 2022
by Stefan Wolpers CORE
· 6,597 Views · 3 Likes
Agile or V-Shaped: What Should Be Your Next Software Development Life Cycle Model?
In this blog post, we will explore the pros and cons of both these SDLC models while also providing some tips on how to choose the right model for your project.
November 10, 2022
by Deepak Bhagat
· 5,443 Views · 2 Likes
When Is It Time to Stop Using Scrum?
Is there a moment when a successful Scrum team should stop using Scrum?
October 31, 2022
by Stefan Wolpers CORE
· 8,032 Views · 7 Likes
What Is BDD? - A Complete Guide
In this article, we will learn what is BDD, why to use the BDD framework, how to implement BDD, the advantages of BDD, and the difference between TDD vs BDD.
October 20, 2022
by Deepali chadokar
· 4,485 Views · 3 Likes
Can There Be Testers in Scrum?
Scrum is an invaluable framework for integrating quality into product development and creating agile teams. How do testers fit into all this? Let’s dig deeper in this article.
October 16, 2022
by Federico Toledo
· 7,171 Views · 7 Likes
The Rising Tide of Platform Engineering
Platform Engineering takes care of the common shared services that other development teams rely on to build their products and services.
October 12, 2022
by Kit Merker
· 7,720 Views · 4 Likes
Geek Reading for the Weekend
I have talked about human filters and my plan for digital curation. These items are the fruits of those ideas, the items I deemed worthy from my Google Reader feeds. These items are a combination of tech business news, development news and programming tools and techniques.

  • Why You Make Less Money (job tips for geeks)
  • Nate Silver Gets Real About Big Data (ReadWrite)
  • Java StringBuilder myth debunked (Java Code Geeks)
  • Dew Drop – March 29, 2013 (#1,517) (Alvin Ashcraft's Morning Dew)
  • Generation Mooch? Why 20-somethings have a hard time paying for content (GigaOM)
  • Double Shot #1096 (A Fresh Cup)
  • Connecting Talking with Doing (Conversation Agent)
  • Games Galore: Building Atari with CreateJS (noupe)
  • Putting People in Boxes (Architects Zone – Architectural Design Patterns & Best Practices)
  • Do Code Improvements Add Value? (Architects Zone – Architectural Design Patterns & Best Practices)
  • Cassandra 1.1 – Reading and Writing from SSTable Perspective (Architects Zone – Architectural Design Patterns & Best Practices)
  • Couchbase NoSQL at Tunewiki: A Billion Documents and Counting (Architects Zone – Architectural Design Patterns & Best Practices)
  • The Daily Six Pack: March 29, 2013 (Dirk Strauss)
  • Using Kanban for Scrum Backlog Grooming (Agile Zone – Software Methodologies for Development Managers)
  • Humming (xkcd.com)
  • Amazon Acquires Social Reading Site Goodreads, Which Gives The Company A Social Advantage Over Apple (TechCrunch)

I hope you enjoy today’s items, and please participate in the discussions on those sites.
October 11, 2022
by Robert Diana
· 7,736 Views · 1 Like
The Memorable Power of Agile Storytelling
The best way to make an important message stick is through a compelling story. That's how our brains work. To promote Agile best practices, we need stories in support as well as to the contrary.
October 10, 2022
by Jasper Sprengers CORE
· 4,364 Views · 7 Likes
Sprint Goal Principles
Learn about nine Sprint Goal principles, from avoiding pseudo and output-driven Sprint Goals to playing safe all the time.
October 10, 2022
by Stefan Wolpers CORE
· 3,587 Views · 2 Likes
DevSecOps: Explaining Best Practices, Benefits and Tools
Adopting DevSecOps and integrating security into software is an obvious answer. Sooner or later, this method will conquer the software development field.
October 10, 2022
by Mario Olomu
· 4,940 Views · 1 Like
Appsec’s Agile Problem
Agile development has a serious Appsec problem. Most Agile development teams suck at building secure software. But one of the reasons for this is that Appsec has a serious Agile problem. Most security experts don’t understand Agile development and haven’t come to terms with the way that Agile teams design and build software; with the way that Agile teams think and work; and especially with the speed at which Agile teams deliver software and make decisions.

The CSSLP and Agile = Epic Fail

You can see this problem in (ISC)2’s Certified Secure Software Lifecycle Professional (CSSLP), which is supposed to help bridge between security and software development. The Official Guide to the CSSLP is 572 pages long. Of this, only 2 pages are spent on Agile development: ½ page each on Scrum and XP, and a couple of pictures. Otherwise, ISC2 pretends that software development is done in big formal Waterfall steps (requirements, design, coding, testing, deployment) with lots of documents to review and clear hand-offs at each of these steps where somebody from Security can step in and insert a big formal review/test before the next step can start. Most developers don’t work this way anymore, if they ever did.

Appsec’s Agile Challenges

It’s not clear how and when security should engage with Agile teams that are following Lean, lightweight Agile methods. How can Security keep up with projects with such short-term planning horizons, plans and priorities that change for every 1- or 2-week sprint? What about teams following Kanban and Just in Time planning and “automagical” prioritization, and Continuous Deployment in Devops, pushing each change out to customers as soon as it is developed?

Where does Security fit in Scrum, or a Scrum of Scrums? What meetings do security engineers need to attend, and what roles are they supposed to play in these meetings? How much input can they / should they have on decisions? Is Security a Chicken or a Pig?

How can Security know when they need to do a security review, if requirements are all captured in 1-sentence User Stories which are “too short on purpose”? How do you get security activities and requirements included in the backlog? How can Security catch and correct design and implementation decisions before it is too late if they aren't in the same room as the development team, when developers are learning and deciding on the fly what work needs to be done and how it needs to be done?

When do you schedule security reviews and tests if the design and the code are always changing? When the team is continuously experimenting and trying out new ideas, new programming models, new languages and frameworks and libraries and toolchains? How do you do threat modeling on a design that is never finished? And how can you assess the design of a system for security risks if “the design is the code” and “the code is the documentation” without having to go through all of the code by hand after it has already been written?

Security and compliance requires a security review for every major software release. But what if there is never a “major release”, what if the development team is releasing small changes to production 20 or 50 or 500 or 5000 times a year?

It Has Already Been Decided

Appsec isn’t prepared for the rapid pace that Agile teams deliver working software, often from the start of a project. Or for the fierce autonomy and independence of self-managing Whole Teams in which developers are free to decide who will do the work and how it will get done. Or for the speed at which these decisions are made.

This is a different way of thinking and working from top-down, plan-driven projects. Responsibility and accountability for decisions are pushed down to the team and from there to individuals. Lots of people making lots of small decisions, quickly and often – and changing or unmaking these decisions just as quickly and just as often. The ground is always shifting, as people continuously seek out and respond to feedback and new ideas and information, adjusting and backtracking and making course corrections. Constantly changing and tuning how they work through frequent retrospection. A culture and working approach where people are encouraged to fire first and then aim, to make mistakes and embrace failure, to fail early, fail fast and fail often, as long as they keep learning.

The software – and the process that the team follows to design and build and test it – is never done, never stable and therefore “never secure”.

Agile Appsec: Case Studies

Microsoft has taken on the problem of how to do secure Agile development with its SDL-Agile process framework. Unfortunately, it only works for Microsoft: the SDL-Agile is expensive, heavyweight, and draws extensively on the scale and capabilities of Microsoft’s massive internal organization.

Two “From the Trenches” case studies at this year’s OWASP Appsec USA conference in NYC showed how other organizations are taking on the same challenges.

The first case study by Chris Eng and Ryan Boyle at Veracode, a software security as a service provider (couldn't find the link at OWASP), proves how difficult it can be for Appsec to keep up with Agile development teams, even in an organization that does Appsec for a living and has deep security engineering capabilities. Veracode’s internal Appsec engineering program has continued to learn and adapt as their development organization grew to more than 100 application developers working in a dozen Scrum teams. In the early pre-Agile days, their program relied on static analysis checking (essentially eating their own dog food as they used the same platform technology that the development team was building for customers), staged manual pen testing and ad hoc consultation from the security engineering team.

As the development organization grew and adopted Scrum, Security had to find new ways to work closer with development without slowing the developers down or stretching their security engineering resources too thin. Security engineers got involved in Sprint planning meetings to discover risks, identify which stories needed security reviews, and do some threat modeling. But they found that planning meetings were not the best place for technical security reviews – the security engineers had already missed a lot of design and implementation decisions that developers had already made, which forced the teams to backtrack or add work after the Sprint had already started, making them miss their commitments. Now security engineers work earlier with the Product Owner to look for risks and to proactively review the team’s backlog and identify candidate stories that Security will need to review and sign-off on or help the team with.

In the second case study, Yair Rovek explained how at LivePerson, 200+ developers in more than 20 Scrum teams build secure software using a common set of technologies, tools and practices. Security engineering works with a central architecture team to build security into the technology platform that all of the development teams share, including custom-built developer-friendly wrappers around ESAPI and other security libraries. Security reviews and other controls are added at different points in the development cycle: Release planning (identify risks, high-level design, compliance issues), Sprint planning, coding, testing, release. LivePerson uses static analysis tools with custom rules to check that architecture conventions are followed and to alert when a developer integrates new Open Source code so that this code can be reviewed for vulnerabilities. They schedule pen tests for every major release of their software and open up their service to customer pen testing – as a result their systems are almost continuously pen tested throughout the year.

The Future is going to be Faster – and Appsec will have to be too

In his presentation “Application Security at DevOps Speed and Portfolio Scale” at the same OWASP Appsec conference, Jeff Williams asserted that “Our traditional techniques for doing Appsec are failing, they’re crumbling at the edges”. Appsec has to speed up, become more flexible and Agile in itself. Because the future is going to keep getting faster. Software development projects are getting smaller and simpler and more organizations are adopting Agile methods because smaller, Agile projects are less likely to fail and they get to market much faster. Devops, Continuous Delivery and Continuous Deployment, Kanban, the Lean Startup approach of building a Minimum Viable Product quickly and getting it out for feedback, and other ideas about how to deliver more working software faster and cheaper are becoming mainstream.

In order for Appsec to “push left” into the SDLC, Appsec has to change its role from assurance/auditing and compliance to proactively enabling self-service secure development. We have to stop pretending that big security reviews and stage gates at major project milestones still work (if they ever did). They need to be replaced by lightweight, in-phase, iterative and incremental preventative controls – simple cheap things that make sense to developers and that they can do as part of designing and building software.

There’s still a role for pen testing and other security reviews. But not as a once-a-year annual release certification/assurance step to “prove that the system is secure” or some other fantasy. Pen tests and other reviews are just another source of feedback to the team, information that they can use to learn and adapt and improve. Security reviews need to be cheaper and scaled down, so that they fit into time boxes and so that they can be done earlier and more often. Security has to be fit into unit testing and Continuous Integration and Continuous Delivery and the other tight, continuous feedback loops that Agile teams rely on, using tools that don’t need to be understood and run by security experts and that fit with how developers think and work.

There are a handful of organizations that are pushing Appsec further into the rapidly blurring lines between development and operations: Etsy, Netflix, and Twitter are already doing Appsec at “DevOps Speed” today, inventing new tools and ideas. The rest of Appsec has to catch up, or be left behind.

BTW: If you are involved in security for your organization’s software, the SANS Institute would appreciate your insight. Please participate in the SANS Application Security Survey. The survey closes December 20.
October 5, 2022
by Jim Bird
· 10,094 Views · 2 Likes
Analytics Improves Agile Effectiveness at the Enterprise Level
To uncover insights into underlying patterns, organizations need to employ more sophisticated data analytics techniques and tools.
October 5, 2022
by Dr. Srijith Sreenivasan
· 4,831 Views · 4 Likes