Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
Threat modeling has transitioned from a theoretical concept into an IT security best practice. Choosing the right methodology is a combination of finding what works for your SDLC maturity and ensuring it results in the desired outputs. Let’s look at four different methodologies and assess their strengths and weaknesses.
There are many frameworks available to organizations that are maturing their agile process. However, some frameworks can help reinforce agile behaviors, while others can actually drive an organization to revert to waterfall habits. The right choice should be the methodology that allows teams to deliver their best work.
The Iowa Democratic Party used a mobile app to pull results from statewide precincts for the Iowa caucus. But the app was not properly tested or deployed, and it turned into a high-profile tech disaster. When deadlines loom, release testing is often what gets cut, but this situation shows why it's a crucial activity.
The start of a new year always comes with new resolutions, goals, and a set of plans to grow in the future. The excitement and energy that a new start brings can rejuvenate a team. However, if you’re not careful, that same ambition can lead to failure. This year, adjust your strategy and plan in a more agile manner.
Poor quality input will always produce faulty output. Improper validation of data input can affect more than just security; it can also affect your ability to make effective business decisions. Bad data can have impacts on how you make quantitative decisions or create reports, if you can’t trust the data you receive.
Some agile teams believe the ScrumMaster is the sole point of communication between them and the product owner, so the team can abdicate any responsibility to communicate with stakeholders. That couldn't be more wrong. It's actually the ScrumMaster's job to enable communication and coach or guide the team to solutions.
DevSecOps means more secure applications through greater collaboration. However, many organizations hold preconceived notions and misconceptions about what DevSecOps is and why their organizations will face challenges in adopting it. Here are four common myths about DevSecOps transformation, along with the truth.