Why the Burden of Security Should Be Assumed by the Entire Team
We hear more and more that every member of your software team should have some sort of role when it comes to quality. Since testing and development are more integrated than ever, you need a heavy investment in quality at each level and an understanding that more than one group needs to be accountable for the state of the final product.
But that mentality stretches beyond quality. Security is as important as it's ever been, with users sharing more personal data with companies all over the world. From banking to ride-sharing applications, all types of sensitive data are required to make applications run correctly.
So, who should be the one who takes the fall if someone breaks into your app and steals data? Who should everyone point their finger at when users start uninstalling your app after they see critical security issues that make the product too risky to keep around?
If your team is working as a unit, following agile principles, and sees quality as a group effort, the burden of security should stretch well beyond QA engineers and testers. Security needs to be a priority at every stage, and Jennifer Scandariato, the director of test engineering and leader of the Women in Technology initiative at iCIMS, explained exactly why in a recent interview with StickyMinds.
“My belief is that the entire team is accountable for the quality, not just the QA engineer, test engineer, or SDET,” Scandariato said. “At iCIMS, we specifically developed a Center of Excellence (CoE) around security engineering to ensure we are building from the beginning, versus bolting on at the end.
“The idea of high-performing and best-in-class software as a service (SaaS) is focused for everyone in an agile team and not just the testing arm. Security is just one CoE, and we’ve developed four other CoEs (performance, accessibility, localization and agile engineering).”
Users aren’t afraid to drop one-star reviews for applications that don’t meet quality expectations, and they’ll quickly (and understandably) throw stones at products that compromised their personal information to even the smallest degree.
Quality can be improved over time, and while it’s difficult to change perception, it’s still possible. Poor security, on the other hand, can sink your ship before it even leaves the dock. Invest in the security of your application, and be sure to spread that responsibility to multiple levels of your software team.