Ten Ways for Software Developers to Interact with the Security Team

By Dipankar Das, Gaea News Network
Saturday, July 24, 2010

softwaresecurity The  IT consultancy firm Denim Group who develops security software and helps organizations to assess and lower the security risk, provides guidance to software development teams in terms of better collaboration with the security teams. Software Development teams are always in a rush to meet the deadline of a project. Although, functionality and features tops in the priority list, security requirement is equally important due to the rise of application level attacks.

Denim Group provides the best practices that the company  observed in client environments where software development teams cooperate each other with the security team.

  • There has to be one developer in the team who has sound knowledge about security. You may hire a person for this purpose or grow somebody within the team.
  • All developers should go through security awareness training.
  • You may prepare a list of your applications with some of their functionality and discuss this list with your security team.
  • You can use one web proxies or application scanners to test one or two of your applications.
  • You may download any of the source code scanning tool and run it against your application.
  • It is also a good idea to benchmark your team against a software security maturity model.
  • Then, you may talk to your security team with the results of your initial findings. You have to take the initiative in order to encourage activity on your schedule.
  • You should fix any vulnerabilities that have been identified into your defect tracking system so that you can address them afterward according to their priorities.
  • You may pick some of the critical vulnerabilities and fix them in order to prove that you taking security seriously.
  • You may ask for input from the security team at the beginning of the project.

“Proactively opening lines of communication between software developers and information security professionals will help ensure vulnerabilities are identified and fixed more quickly. This will help avoid business disruption and ultimately save organizations time and money,” said Dan Cornell, chief technology officer of Denim Group.

will not be displayed