Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
Many software organizations are overwhelmed with a laundry list of vulnerabilities. They often have no idea where to start, how to determine prioritization, and whether or not those vulnerabilities accurately represent the threats to our applications, users, and data. Threat modeling is a simple yet effective solution.
There's a trend of organizations declaring they are agile without actually changing how they develop software. Declaring that an apple is an orange doesn’t make it so. These six key indicators can help you determine whether your agile project isn’t really agile after all—and give you some solutions to help.
The MVP brings tremendous value to a team’s ability to effectively implement agile practices. It also allows us to better understand what “value” actually means to our users and how context changes the meaning. Your MVP must move through your validation and release cycles while still being valuable to your users.
When practicing DevOps, how should you include security? What's the best way to build security into an existing continuous integration, continuous delivery, and continuous deployment pipeline? Let’s take a look at five essential features of successful DevSecOps pipelines and analyze where security can benefit most.
Successful agile teams often have a coach driving continuous improvement. While some coaches are effective initially, many eventually succumb to pitfalls that inhibit their team’s growth and fail to compel any lasting changes. Here are five common pitfalls of agile coaches in most projects that fail to improve.
Many DevOps engineers fail to test their automation code in the same way they test the software they deploy. It's crucial for software to have tests, and this should apply to infrastructure-as-code software too, if we plan to change and improve this code with no worries about breaking automation in our DevOps pipeline.
One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. However, many fail to include quality components in their practices. Continuous deployment without quality is just delivering continuous bugs. Here's why software testing is an essential part of DevOps.