Loading ...
Sorry, an error occurred while loading the content.

Article author: security and agile

Expand Messages
  • Brian Marick
    It s a commonplace that security requires some sort of carefully-vetted design up front and that, therefore, projects where security is important should not
    Message 1 of 2 , Aug 7, 2003
    • 0 Attachment
      It's a commonplace that security requires some sort of carefully-vetted
      design up front and that, therefore, projects where security is
      important should not use agile methods.

      I'm one of the editors for STQE Magazine <http://www.stqemagazine.com>.
      It would be interesting to publish an article that described a
      counterexample. That would be a project where the customer was highly
      concerned about security, where the development proceeded in an agile
      style, and where the results credibly show that the end result was
      decently secure. How did the emphasis on security change the process?

      If you can (and might) write me such an article, drop me a line. Or you
      can look me up at XP/AU. I'll be there from Sunday night through the
      end, often at FIT Fest.

      Deadlines are tight: first draft a month from today, final draft a
      month thereafter. (If you can't make that, we could perhaps slip to a
      later issue.)

      Thanks.

      Here is where you can find out about writing for STQE:
      <http://www.testing.com/stqe>
      Here is our list of currently unfilled slots:
      <http://www.testing.com/cgi-bin/stqe.pl>


      -----
      Brian Marick
      Consulting, training, contracting, and research
      Focused on the intersection of testing, programming, and design
      marick@..., marick@...
      www.testing.com, www.visibleworkings.com

      I'm program chair or cohost of these events:
      PLoP: <http://jerry.cs.uiuc.edu/~plop/plop2003/>
      FIT Fest: <http://fitnesse.org/XpFitFest.FrontPage>
      Please join me.
    • The Morsicatos
      Brian, I can t help you with security but you may be interested in my experiences with a different discipline that sometimes parallels security, which is
      Message 2 of 2 , Aug 7, 2003
      • 0 Attachment
        Brian,

        I can't help you with security but you may be interested in my
        experiences with a different discipline that sometimes parallels
        security, which is safety. Mary Poppendieck and I collaborated on a
        paper that addresses XP and safety and is available on her web site
        http://www.poppendieck.com/safety.htm.

        Hope this helps,

        Ron Morsicato

        Brian Marick wrote:

        >It's a commonplace that security requires some sort of carefully-vetted
        >design up front and that, therefore, projects where security is
        >important should not use agile methods.
        >
        >I'm one of the editors for STQE Magazine <http://www.stqemagazine.com>.
        >It would be interesting to publish an article that described a
        >counterexample. That would be a project where the customer was highly
        >concerned about security, where the development proceeded in an agile
        >style, and where the results credibly show that the end result was
        >decently secure. How did the emphasis on security change the process?
        >
        >If you can (and might) write me such an article, drop me a line. Or you
        >can look me up at XP/AU. I'll be there from Sunday night through the
        >end, often at FIT Fest.
        >
        >Deadlines are tight: first draft a month from today, final draft a
        >month thereafter. (If you can't make that, we could perhaps slip to a
        >later issue.)
        >
        >Thanks.
        >
        >Here is where you can find out about writing for STQE:
        ><http://www.testing.com/stqe>
        >Here is our list of currently unfilled slots:
        ><http://www.testing.com/cgi-bin/stqe.pl>
        >
        >
        >-----
        >Brian Marick
        >Consulting, training, contracting, and research
        >Focused on the intersection of testing, programming, and design
        >marick@..., marick@...
        >www.testing.com, www.visibleworkings.com
        >
        >I'm program chair or cohost of these events:
        >PLoP: <http://jerry.cs.uiuc.edu/~plop/plop2003/>
        >FIT Fest: <http://fitnesse.org/XpFitFest.FrontPage>
        >Please join me.
        >
        >
        >
        >To Post a message, send it to: scrumdevelopment@...
        >To Unsubscribe, send a blank message to: scrumdevelopment-unsubscribe@...
        >
        >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
        >
        >
        >
        >
        >
      Your message has been successfully submitted and would be delivered to recipients shortly.