Security Guidelines for Agile Development

Some security experts would have you believe that it is "impossible" to implement secure development practices using agile development methodologies. Admittedly, the use of agile does pose some challenges to traditional security development lifecycle (SDL) processes-challenges such as meteorically short release cycles, infinitely long product lifetimes as in the case of cloud applications, and a general You-Ain't-Gonna-Need-It planning mentality within agile. Despite these challenges, securing systems developed in agile projects is possible. SDL and agile can work well together. In many ways, they can actually work better together than do traditional development approaches. Bryan Sullivan details the process changes that the Microsoft SDL team made to improve the applicability of the SDL to agile development methodologies. He discusses key challenges faced in adapting secure development practices to agile and how they were overcome. Join Bryan to discover the inherent strengths of agile that work exceptionally well with the SDL and can lead to a best-of-both-worlds scenario.