Agile and Security - Oil and Water

Explore the intersection of Agile methodologies and security practices in this 57-minute conference talk from BSides Nashville 2015. Delve into the challenges of integrating security into Agile development processes, examining topics such as development and security assurance, meeting efficiency, and knowledge sharing. Learn about innovative approaches like the Pool Model and Role Engineering to address these challenges. Discover practical strategies for implementing security requirements, including the use of wikis, checklists, and cross-team collaboration. Gain insights on balancing Agile principles with security needs, and understand how to effectively incorporate security ownership within Agile teams. Conclude with an exploration of OpenSDL and nonfunctional requirements, providing a comprehensive overview of harmonizing Agile and security practices in software development.

Intro
Agile and Security
Salad Dressing
Development and Security
Agile
Security
Assurance
Mix
Meetings
This is what happens
The minute I minute
Too many meetings
Knowledge issue
Whats the real reason
Three things
Address the dressing
Add a third party
Shake around
Distributed pieces
What can we do
This is different
Traditional SDL
Pool Model
Halftime Question
Checklist
Security Requirements
Phases
Activities
Role Engineering
Security Owner
Wiki
Real Implementation
Contact Ron
OpenSDL
Nonfunctional requirements
One per team
Cross teams
Arm