Synergizing Software and Information Security

  1. code; they just might never have been trained how to code securely. You have two ways to properly train your developers. The first option is to hire a developer security training firm to train your developers. The second option is to persuade your IS team to come in and do the developer training. Either option will work, so it just comes down to determining which option is more appropriate for your organization.

The steps mentioned above are very broad. But getting your new, expanded team to communicate and use the same defect management system is the first step. The impact of not having a single defect management system to manage security defects alongside functional and performance defects can be extremely large.

No statistics are available for how many company Web sites have been hacked because a vulnerability was identified but never properly tracked and resolved. Yet there is a long list of company Web sites that have been hacked because of easily preventable security defects. Companies such as Netscape, MySpace, Google, PayPal, Eli Lilly, Victoria's Secret, and Go Daddy are just a few that have been publicly exposed with security vulnerabilities. Don't let your software or Web site be the next on this list.


About the author

Ryan English

Ryan English is the group product manager for SPI Dynamics, where he oversees product strategy and direction for the company's development lifecycle security-testing products. Ryan is a seasoned speaker on the topic of Web application security testing and has spoken at several quality assurance industry events, including Software Test & Performance Conference, STAREAST, STARWEST, Mercury World, IBM Rational Conference, and various user groups and associations.

AgileConnection is one of the growing communities of the TechWell network.
