Denim Group Recommends 10 Ways for Software Developers to Interact More Effectively with Information Security Teams

Denim Group just posted a release about 10 ways for software developers to interact more effectively with Information Security teams. Since we do both software development and remediation as well as software security consulting, we have a unique perspective on how these groups can come to a better understanding.

You can see a copy of the release here: Denim Group Recommends 10 Ways for Software Developers to Interact More Effectively with Information Security Teams.

Contact us for help getting your development and security teams to work better together.

–Dan

dan _at_ denimgroup.com

@danielcornell

Media Advisory

Agency Contact:
Alan Weinkrantz
210.410-3075
alan@weinkrantz.com

Denim Group Contact:
John Dickson
210.572.4400
john@denimgroup.com

Denim Group Recommends 10 Ways for Software Developers to Interact More Effectively with Information Security Teams

Development teams can use these steps to address security concerns and minimize disruptions to project release commitments.

San Antonio, TX – July 21, 2010 – Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risk with their existing software, provides guidance to software development teams looking to collaborate better with security teams. 

Software development teams are constantly under pressure to release new software products on a timely basis. While security requirements are acknowledged as important, features and functionality are typically at the top of the priority list for new releases. Given the increase in application-level attacks, inclusion of security requirements will be a constant facet of software development efforts in the future.

The following list represents best practices Denim Group has observed in client environments where software development teams collaborate effectively with security teams:

1. Have at least one developer on the team who is able to speak in depth about security. Hire someone specifically for this purpose, or grow someone within the team.

2. Run all developers through some form of security awareness training.

3. Make a list of your applications with some of their characteristics, and share this list with your security team.

4. Use one of the freely available web proxies or application scanners to test one or two of your applications.

5. Download an easily attainable source code scanning tool, and run it against your code.

6. Benchmark your team against a software security maturity model, such as OpenSAMM.

7. Reach out to your security team with the results of your initial efforts. Take the initiative in order to encourage activity on your schedule.

8. Move any vulnerabilities that have been identified into your defect tracking system so they can be prioritized and systematically addressed.

9. Fix some of the vulnerabilities identified in your applications. Prove you are taking security seriously by picking a handful of the most critical vulnerabilities and fixing them.

10. Ask for input from the security team at the beginning of a new project or development effort.

Follow these steps to get your development team on the right track to addressing security concerns. For further analysis, the detailed list of best practices with descriptions can be found at the Denim Group blog at: http://tinyurl.com/3xefvh2.

“Security requirements for software projects are becoming a more consistent reality for development teams,” said Dan Cornell, Chief Technology Officer of Denim Group.  “Proactively opening lines of communication between software developers and information security professionals will help ensure vulnerabilities are identified and fixed more quickly.  This will help avoid business disruption and ultimately save organizations time and money.”

About Denim Group

Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1,751 in Inc. Magazine’s 5000 Fastest-Growing Private Companies in America in 2009. For more information about Denim Group, visit www.denimgroup.com.

Reader Contact Information:
Denim Group, 3463 Magic Drive, Suite 315; San Antonio, TX 78229, Tel: 210-572-4400, Fax: 210-572-4401,
www.denimgroup.com, john@denimgroup.com.

###


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.