The Insecure Software Development Lifecycle - How to Find, Fix, and Manage
Offered By: YouTube
Course Description
Syllabus
Intro
The Status Quo of Software Development Lifecycles
Understanding Stakeholders and Existing Processes
Project Managers are EPIC assets
QA and DevOps
Customers/End-Users
Analyzing existing processes
Document the gap analysis
How does security affect the stakeholder?
How does security affect the process?
Preparing for rebuilding the program
Key program metrics
Important metrics
Phased goals
Goal phases
Gaining management support
Planning requirements
Active stakeholder participation
Working as a unified team
The importance of collaborating as one team
Discussions, not just bug submissions
Detailed meetings to discuss findings from offensive testing
Rotating work assignments and embedded liaisons
Setting expectations for stakeholders
Using organizational policy to create a need
Using compliance to create a need
The development style guide and standard libs
Style guides
Automated code scanning vs Manual reviews
Checklists set and track expectations
Conclusion
This talk is based on my O'REILLY report available through Safari Books Online