Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
The Iowa Democratic Party used a mobile app to pull results from statewide precincts for the Iowa caucus. But the app was not properly tested or deployed, and it turned into a high-profile tech disaster. When deadlines loom, release testing is often what gets cut, but this situation shows why it's a crucial activity.
The start of a new year always comes with new resolutions, goals, and a set of plans to grow in the future. The excitement and energy that a new start brings can rejuvenate a team. However, if you’re not careful, that same ambition can lead to failure. This year, adjust your strategy and plan in a more agile manner.
Poor quality input will always produce faulty output. Improper validation of data input can affect more than just security; it can also affect your ability to make effective business decisions. Bad data can have impacts on how you make quantitative decisions or create reports, if you can’t trust the data you receive.
Some agile teams believe the ScrumMaster is the sole point of communication between them and the product owner, so the team can abdicate any responsibility to communicate with stakeholders. That couldn't be more wrong. It's actually the ScrumMaster's job to enable communication and coach or guide the team to solutions.
DevSecOps means more secure applications through greater collaboration. However, many organizations hold preconceived notions and misconceptions about what DevSecOps is and why their organizations will face challenges in adopting it. Here are four common myths about DevSecOps transformation, along with the truth.
One of the most common complaints of any software team during a retrospective is the issue of too many meetings. Agile ceremonies can provide a lot of value to the team, but only when they're done correctly. Here are four ways to get the most out of meetings, avoid wasting time, and gain value for everyone involved.
DevSecOps shifts security practices left and assures earlier that your application isn't vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.