Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
6 Reasons Secure Coding Can Still Lead to a Shipwreck
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 2
stephendv
50%
50%
stephendv,
User Rank: Apprentice
10/8/2014 | 10:00:30 AM
Re: 6. Captain Phillips is drunk on the bridge:
It's also important for security to adapt to developers methodologies and workflows.  The reason policy documents don't get read is that many modern development practices don't rely that much on documentation.

So it's much easier for security requirements to be met if they're specified in the tools and language that the development team is already using for their other requirements.  A good example of this is writing security user stories, if that's the what the team is using, or to create security requirements on an issue tracker instead of in a document.

In my experience, developers want to do the right thing- we as security practitioners just need to make that as accessible as possible.
<<   <   Page 2 / 2


Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.