Software Quality Insights

A SearchSoftwareQuality.com blog

Aug 2 2013 9:41PM GMT

Agile2013 conference still closing in; plus new news on the security front



Posted by: James Denman
Tags: agile, Agile 2013, Agile Alliance, Agile conference, Agile software development, application development, Application security, Dan Cornell, Debugging, Development, Security, Software Quality, Software testing, testing

It’s been a busy week and I’m itching to start the weekend, so this week’s post is going to be short, but I’ll make up for that with extra blog posts next week. I take off for Nashville in about forty-eight hours. This conference is going to be a real challenge to cover on my own, but it should be a really fun challenge. Plus, I’m looking forward to announcing some news from one of our application security experts.

I still can’t decide on most of the sessions I’ll actually end up being in. I found a session on integration testing on Monday afternoon so that’s one place and time you’ll find me. I’m looking for some other good sessions on testing. If you’re going to be at Agile 2013, feel free to let me know what sessions I should be at and haven’t found yet.

On a separate note – to show I’m not purely dedicated to Agile2013 all the time – I’d like to mention a call I had earlier today. One of our regular security experts – Dan Cornell – is deeply involved in an open source project called ThreadFix. What ThreadFix does (in the most general of terms) is to take the vulnerabilities that security testers find, collect them all in one place, and then convert them into code defects that fit in with the work a developer is already doing. That makes it much easier to get developers (and their managers) focused on security in a concrete and operable way.

Dan gave me a sneak peek at what the next steps are for the ThreadFix project. I can’t really say what that is or what it means until after the official release comes out next week. However, I will say that it makes a lot of sense and should make the concepts behind ThreadFix more adoptable and more available to more organizations. This is a good thing because it seems like application security issues are being treated like second-rate citizens in most software quality programs. I’d like to see more effective long-term solutions emerge for software security testing – and more importantly fixing.

Do you think your organization handles security particularly well or particularly poorly? I’d love to have a chat about it. We don’t have to mention anything identifiable about your organization (unless you want to). Shoot me an email or find me on Twitter @TTJDenman. Oh, and speaking of Twitter – I’ll be sounding off throughout next week’s festivities on the #Agile2013 hashtag.
