Secure Coding mailing list archives
Agile (Scrum) best security practices and experiences?
From: Jari Pirhonen <japi () iki fi>
Date: Tue, 07 Sep 2010 19:41:35 +0300
Hi,
Agile development is spreading fast. I have discussed with many agile/Scrum developers and consultants and asked about security integration. I have got mostly vague answers about general quality enhancements, trusting the team and of course pointers to security critical applications they have developed.
I know about Microsoft SDL guidelines w/ agile development guidelines. Best practical presentation I've seen comes from Nokia, now also presented at OWASP, http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf
I've also discussed agile/security integration with other security professionals and software developers. For example we had a good meeting with nice security/developer mix arranged by Agile Finland and Finnish Information Security Association. Discussion results available here, http://confluence.agilefinland.com/display/af/Secure+software+development+and+agile+methods+-+notes
Now - if anyone could share some *real world* experiences how to make agile/Scrum + security succeed without paralysing the agile team, I would very much like to hear.
What works, what not? How to start? What tasks/tools give most benefit? All other insights are welcome also.
regards,
Jari
--
Jari Pirhonen
@japi999
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________