In an effort to make security more of a priority in an agile development environment, software security provider Cigital announced it is releasing an Agile Security Manifesto. The security manifesto builds on the original Agile Manifesto for software development, but adds four principles designed to promote security.
According to the company, security practices have not been widely integrated into agile environments, in part because security was not a major concern when the original manifesto was published in 2001.
“Cigital has always been committed to ‘building security in’—integrating security directly into the development process,” said Joel Scambray, principal security evangelist at Cigital. “The Agile Security Manifesto illustrates how security can be effectively integrated into the development process and provide productivity gains by eliminating the need to remediate security flaws late in the cycle.”
The four principles are:
- Relying on developers and testers for security instead of security specialists
- Making security a part of the process instead of an afterthought
- Implementing features securely instead of bolting security features on afterwards
- Mitigating risks instead of fixing bugs
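To make the third principle concrete, here is an added illustration (written for this page, not code from Cigital or the manifesto). A lookup feature is shown twice: once with string-built SQL guarded by a bolted-on blacklist filter, and once implemented securely with a bound parameter. The table, the rows, the blacklist and the payload are all constructed for the example; the final function is the kind of regression check the first principle asks developers and testers, rather than a separate security team, to own.

```python
import sqlite3

# Constructed in-memory database with a small users table (sample data, not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn

# The bolted-on "security feature": a token blacklist added after the fact (constructed).
BLACKLIST = ("--", ";", "DROP", "UNION")

def reject_bad_input(value):
    """Return True if the value contains none of the blacklisted tokens."""
    upper = value.upper()
    return not any(tok in upper for tok in BLACKLIST)

def find_user_filtered(conn, name):
    """Feature first, security added afterwards: string-built SQL behind a blacklist.
    The filter changes nothing about how the query is assembled, so any payload
    that avoids the listed tokens still reaches the database as SQL."""
    if not reject_bad_input(name):
        raise ValueError("rejected by filter")
    sql = f"SELECT name FROM users WHERE name = '{name}' AND role = 'user'"
    return [row[0] for row in conn.execute(sql)]

def find_user_secure(conn, name):
    """Feature implemented securely: the name is a bound parameter and is never
    part of the SQL text, so there is no injection surface to filter."""
    sql = "SELECT name FROM users WHERE name = ? AND role = 'user'"
    return [row[0] for row in conn.execute(sql, (name,))]

# Payload constructed for the example: contains no blacklisted token, yet turns the
# WHERE clause into  name = '' OR 1=1 OR '' AND role = 'user', which matches every row.
PAYLOAD = "' OR 1=1 OR '"

def demo():
    """Run both versions against the same payload and return their results."""
    conn = make_db()
    filtered = find_user_filtered(conn, PAYLOAD)  # blacklist passes, role check bypassed
    secure = find_user_secure(conn, PAYLOAD)      # no user has that literal name
    return filtered, secure

def security_regression_check(conn):
    """A check a developer or tester keeps in the pipeline: the payload must match
    nothing, and a legitimate lookup of a 'user' role account must still work."""
    return (find_user_secure(conn, PAYLOAD) == []
            and find_user_secure(conn, "bob") == ["bob"])

if __name__ == "__main__":
    print(demo())
    print(security_regression_check(make_db()))
```

The filtered version returns every row, including the admin account the role clause was meant to exclude, because the blacklist was chosen to catch a few known payloads rather than to remove the underlying flaw; the parameterized version has nothing to bypass. That is the difference the principle draws between adding a security feature and implementing the feature securely.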
“If you emphasize critical security responsibilities in the development process, the bugs that create vulnerabilities are eliminated at the source,” said Jim Ivers, chief marketing officer of Cigital. “This in turn significantly reduces remediation time, and developer productivity is actually improved. We have a client who reports savings of hundreds of thousands of developer hours and a 15% productivity gain.”
Ivers added that the original Agile Manifesto stated that software should be valuable, and that for software to be valuable it must be secure.