Ten Ways for Software Developers to Interact with the Security Team

Ten Ways for Software Developers to Interact with the Security Team

Computer Security News

Software Development News

RELATED NEWS

Knee-jerk reactions by insurance regulator pose challenge: Experts

India tops list of nations lacking toilets

Six-wicket haul on Pak Test debut was a dream come true: Tanvir Ahmed

Chinese men don 'honeybee suits' for show!

66pc Brits worry about finances but don't do anything about it

UK PM pledges visa abuse crackdown, stem immigration

Ten held after fatal coalmine dispute in China

Guru Nanak's birth anniversary celebrated with fervour

Asian Games hockey: Indian men beat Japan 3-2, to face Malaysia in semis

Fire in Delhi five-star hotel

By Dipankar Das, Gaea News Network
Saturday, July 24, 2010

softwaresecurity The IT consultancy firm Denim Group who develops security software and helps organizations to assess and lower the security risk, provides guidance to software development teams in terms of better collaboration with the security teams. Software Development teams are always in a rush to meet the deadline of a project. Although, functionality and features tops in the priority list, security requirement is equally important due to the rise of application level attacks.

Denim Group provides the best practices that the company observed in client environments where software development teams cooperate each other with the security team.

There has to be one developer in the team who has sound knowledge about security. You may hire a person for this purpose or grow somebody within the team.
All developers should go through security awareness training.
You may prepare a list of your applications with some of their functionality and discuss this list with your security team.
You can use one web proxies or application scanners to test one or two of your applications.
You may download any of the source code scanning tool and run it against your application.
It is also a good idea to benchmark your team against a software security maturity model.
Then, you may talk to your security team with the results of your initial findings. You have to take the initiative in order to encourage activity on your schedule.
You should fix any vulnerabilities that have been identified into your defect tracking system so that you can address them afterward according to their priorities.
You may pick some of the critical vulnerabilities and fix them in order to prove that you taking security seriously.
You may ask for input from the security team at the beginning of the project.

“Proactively opening lines of communication between software developers and information security professionals will help ensure vulnerabilities are identified and fixed more quickly. This will help avoid business disruption and ultimately save organizations time and money,” said Dan Cornell, chief technology officer of Denim Group.

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News