- Glee Club alum David Temple was the first man to desegregate the fraternity system at UVa.
- Glyphs to name folders is a brilliant idea anywhere, but especially on space-challenged iOS devices.
- I do! I do! My favorite flavors at Toscanini’s, the only ice cream store that has ever truly understood me, have been the odd ones–basil, green tea, Guinness (now almost a cliche, in 2000 a revelation). Prosciutto ice cream? Government Cheese ice cream? Bring it…
- The Windows tax strikes again. Microsoft is in a hell of a place right now. If Windows isn’t central to everything that they do, they kill their core strategy; but if it is, they risk killing all innovation at the company. I think that more people there should be reading “The Innovator’s Dilemma.”
Day: July 1, 2010
Doing secure development in an Agile world
My software development lead and I are doing a webinar next week on how you do secure development within the Agile software development methodology (press release). To make the discussion more interesting, we aren’t talking in theoretical terms; we’ll be talking about what my company, Veracode, actually does during its secure development lifecycle.
No surprise: there’s a lot more to secure development in any methodology than simply “not writing bad code.” Some of the topics we’ll be including are:
- Secure architecture — and how to secure your architecture if it isn’t already
- Writing secure requirements, and security requirements, and how the two are different.
- Threat modeling for fun and profit
- Verification through QA automation
- Static binary testing, or how, when, and why Veracode eats its own dogfood
- Checking up–internal and independent pen testing
- Education–the role of certification and verification
- Oops–the threat landscape just changed. Now what?
- The not-so-agile process of integrating third-party code.
It’ll be a brisk but fun stroll through how the world’s first SaaS-based application security firm does business. If you’re a developer or just work with one, it’ll be worth a listen.