Stackarmour

Is agile’s inattention to security to blame for software vulnerabilities?

This guest post was published in GCN (Government Computer News); an excerpt is reproduced here to bring attention to an important issue relating to software vulnerabilities during Cybersecurity Month.

Organizations across the globe are rapidly adopting agile frameworks for managing and implementing software systems. Agile frameworks like the Scaled Agile Framework (SAFe), Scrum, Kanban and many others are popular, with industry reports indicating more than 70% of organizations are now using agile approaches for managing projects. However, daily headlines point to cybersecurity breaches, website vulnerabilities and data loss issues. Do the agile frameworks commonly used by industry share some blame for the lack of security in systems?

A quick search on the SAFe website does not show even a single reference to the word “security” in the core tenets and principles of systems design and implementation. Further, reviewing the roles and responsibilities of key positions associated with agile development like product managers and product owners likewise does not return a single reference to security as a core responsibility. In an age where accountability for cybersecurity is increasingly a boardroom issue, it is important that security not be considered a non-functional requirement without adequate management oversight. The need for security in digital systems must be a core tenet, and key personnel should be held accountable for ensuring those requirements flow through the agile systems development lifecycle.
