Security, Quality & Agility: Maintaining a balance!
--
Contributed by Rajesh Laskary
The Plot:
Cybersecurity threats are evolving with every passing day, and so is the level of sophistication with which an attack can be planned, organized, and executed. In the past, organizations have been more focused on ‘Quality’ and less on ‘Security’. Now we are witnessing a shift wherein organizations have started considering ‘Security-By-Design’ in their products or applications alongside quality, while embracing the ‘agility’ of fast-paced agile software development. What we need to keep in mind is that ‘Security’, ‘Quality’, and ‘Agility’ are not just about tools and processes. They are more about a cultural change in an organization: understanding vulnerabilities and changing the mindset of the people working for your organization so that they view things from a different angle.
Before we start, let’s assume a scenario (and trust me, it’s omnipresent in one form or another in every organization) and let me set the background.
“Your system/business analysts are always on their toes as the business keeps changing the requirements, and there is a never-ending discussion on the scope or the priority of a business requirement. Your development teams are therefore also under tremendous pressure: ever-changing scope or priority of business requirements, last-minute design changes, CI/CD (Continuous Integration and Continuous Delivery) issues, daily scrums and other meetings, pressure to deliver at a fast pace and in a short sprint, etc.
The ‘Security’ and the ‘Quality’ tussle:
Similarly, the Testing and Quality Assurance teams are testing something they received late in the sprint. They have just encountered something that was changed, and they were not aware of it until the very last moment. They haven’t yet finished their SIT (System Integration Testing), the sprint is about to end, and they do not have sufficient time to regression test the system or to run performance tests. (Do you think they’ll have time to think of ‘Security’?)”
The ‘Quality’ of the product has always been of utmost importance to any organization, and now ‘Security’ has started sharing the time, resources, and budget that once belonged only to ‘Quality’.