I can't help you with security but you may be interested in my
experiences with a different discipline that sometimes parallels
security, which is safety. Mary Poppendieck and I collaborated on a
paper that addresses XP and safety and is available on her web site
Hope this helps,
Brian Marick wrote:
>It's a commonplace that security requires some sort of carefully-vetted
>design up front and that, therefore, projects where security is
>important should not use agile methods.
>I'm one of the editors for STQE Magazine <http://www.stqemagazine.com>.
>It would be interesting to publish an article that described a
>counterexample. That would be a project where the customer was highly
>concerned about security, where the development proceeded in an agile
>style, and where the results credibly show that the end result was
>decently secure. How did the emphasis on security change the process?
>If you can (and might) write me such an article, drop me a line. Or you
>can look me up at XP/AU. I'll be there from Sunday night through the
>end, often at FIT Fest.
>Deadlines are tight: first draft a month from today, final draft a
>month thereafter. (If you can't make that, we could perhaps slip to a
>Here is where you can find out about writing for STQE:
>Here is our list of currently unfilled slots:
>Consulting, training, contracting, and research
>Focused on the intersection of testing, programming, and design
>I'm program chair or cohost of these events:
>FIT Fest: <http://fitnesse.org/XpFitFest.FrontPage>
>Please join me.
>To Post a message, send it to: scrumdevelopment@...
>To Unsubscribe, send a blank message to: scrumdevelopment-unsubscribe@...
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/