Published: September 16, 2008
Comsec Consulting Refreshes Approach To Ensure A Secure Agile Software Development Lifecycle (SDLC)
LONDON, UK, 16th September 2008, Comsec Consulting, a leading information security consulting firm, today unveiled its updated approach to ensure a Secure Agile Software Development Lifecycle (SDLC).
Avi Douglen, Comsec's Senior Application Security Consultant, said, "At Comsec, we have seen a substantial increase in the adoption of Agile software development methodologies. These promote development of software in small increments, with minimal planning, open collaboration and process adaptability throughout the lifecycle of the project."
In a recent survey conducted by DrDobbs.com, a well-regarded, professional technology journal, over 65 per cent of respondents within organisations have adopted one or more Agile development techniques and 41 per cent have adopted one or more Agile methodologies. Agile development methods pose a great challenge to the often time-consuming requirements of security, such as full security audits and design documentation.
Mr Douglen continues, "Comsec has developed a new approach which takes into account our customers' methodologies, Agile principles, organisational structure, staff knowledge, current technologies and available documentation. Comsec's innovative approach ensures the required level of software security and fully integrates to provide the benefits of Agile development methods and a Secure Software Development Lifecycle."
Based on its extensive knowledge and experience, Comsec has revealed its Agile Secure Software Development Lifecycle approach which involves a combination of three general activities that ensure information security is involved within the development lifecycle of companies implementing Agile software development methods.
The three general activities are:
A small number of security focused sprints, or iterations, based on user security stories and other relevant software security requirements;
intense security days at critical phases of the design, construction and testing. These are a small piece of the regular iterations, and can be carried out in part by security experts who are part of the development team. Such efforts include lightweight Threat Modeling and focused security testing according to the business context before each major release; and
security education for developers, testers, and management, in addition to use of automated tools.
An important aspect of Comsec's approach is knowledge transfer. As with Agile development itself, this is important because programmers often must make the right decisions themselves, without any supervisory process and minimal quality control. Comsec assists companies in establishing a secure Agile infrastructure and accompanies the process of Agile development methods implementation, whilst integrating security within the short time frames and changing situations organisations are facing.
About Comsec:
Comsec Consulting is a leading Information Security Consulting firm, helping Europe's enterprises to design and incorporate security into their information technology infrastructure. With dedicated security professionals, comprehensive methodologies and more than 20 years of security experience, Comsec provides a diverse range of services across market sectors including high-tech, telecoms, financial services and Government, amongst others. Comsec's UK head office is in London, providing the UK's leading organisations with client-led professional services on governance, risk and compliance, application level security, ERP security and information security management. In these areas, the company provides assessments, designs, testing, evaluation, training, documentation, leadership and overall security guidance. Visit www.ComsecGlobal.com or call 020 7483 9180.
For further information, please contact:
Paula Averley
hothouse
t. 020 8224 9933
m. 07766 257776
e. paula@hothousecomms.com
Copyright © 2012, Realwire
Copyright © 2012, NewsBlaze,
Daily News
Search News
