Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Why We Suck at Building Secure Software and What We Can Do About It

DZone's Guide to

Why We Suck at Building Secure Software and What We Can Do About It

· Agile Zone ·
Free Resource

The Agile Zone is brought to you in partnership with Techtown Training. Learn how DevOps and SAFe® can be used either separately or in unison as a way to make your organization more efficient, more effective, and more successful in our SAFe® vs DevOps eBook.

Last night I presented to the Calgary Agile Methods Users Group on "Agile Appsec: Why we Suck at Building Secure Software, and what we can do about it". This is an outline of the problems that we have as an industry building secure software: why we fail at it, why Agile development is blamed for insecure software, and what we can do to build more secure software while still being Agile. I look at different approaches to injecting application security into Agile development: security stories, evil user stories, abuse cases and abuse stories; security sprints; and building security into development, using Microsoft's SDL Agile as a guide.



Adopting a DevOps practice starts with understanding where you are in the implementation journey. Download the DevOps Transformation Roadmap, brought to you in partnership with Techtown Training

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}