UNISON OF THOUGHT
Given the impact cyber security is having on the world around us, one would expect the software ecosystem to be in unison of thought about it. Yet the synthesis and synergy that ought to happen between IT security and development teams might not be happening. Software creation is still thought of as the independent domain of the developer or development team, which decides on the security features. How much of security researchers' input and incident learnings makes its way into new software is not directly known. Dealing with issues at the design level is ideal. The development team is nebulous on security ideas.
Security is anti-business and its jargon does not blend with the development team, to the extent that security teams are said to have a PR problem. Security is the last concern on the developer's mind. He is driven by the urge to innovate and to write high-quality software that facilitates business. Catching the customer's fancy by delivering cool things is the final test.
Security jargon needs to blend with software development. It can't remain alien. Security cannot be considered a human botnet in the development team. One way of finding a much better unison is to make security and vulnerability issues part of the general requirements of software development. These can be prioritised. This approach has been of great use at Adobe, where security requirements are a part of JIRA. JIRA is the only tool the development team refers to throughout the development life cycle. It is a great attempt to bridge the divide at the base coding level itself.
A unified security engagement form helps a clear-cut follow-through throughout the development cycle. Testing becomes more understandable to the security guys, and tracking vulnerabilities becomes much easier. Automated measurement and vulnerability management in a true technical manner will make an immense difference in the quality of software.
UNISON OF MIND OF SOFTWARE DEVELOPMENT & SECURITY IS A MUST.