Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team
Authors
Abstract
Many software vendors conduct or commission penetration testing of their products. In a penetration test security experts identify entry points for attacks in a software product. The audits can be an eye-opener for development teams: they realize that security requires much more attention. However, it is unclear what lasting benefits developers can reap from penetration tests. We report from a one-year study of a penetration test and its aftermath at a major software vendor, and ask how an agile development team managed to incorporate the test findings. Results suggest that penetration tests improve developers’ security awareness, but long-lasting change of development practices is hampered if security is not properly reflected in the communicative and collaborative structures of the organization, e.g. by a dedicated stakeholder. Based on our findings we suggest improvements to current penetration test consultancies by addressing communication and organizational factors in software development.
Similar resources
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
Organizational Patterns of English Language Teachers’ Repair Practices
Despite the abundance of research on teachers’ repair practices in language classroom interaction, there are not enough conversation analytic studies on repair organization with the focus on the details of interaction in the context of EFL. Drawing on sociocultural and situated learning theories, this study explores the contingent nature of English language teachers’ org...
Turning Time from Enemy into an Ally Using the Pomodoro Technique
Time is one of the most important factors dominating agile software development processes in distributed settings. Effective time management helps agile teams to plan and monitor the work to be performed, and create and maintain a fast yet sustainable pace. The Pomodoro Technique is one promising time management technique. Its application and adaptation in Sourcesense Milan Team surfaced variou...
Global Health Governance Challenges 2016 – Are We Ready?
The year 2016 could turn out to be a turning point for global health, new political realities and global insecurities will test governance and financing mechanisms in relation to both people and planet. But most importantly political factors such as the global power shift and “the rise of the rest” will define the future of global health. A new mix of health inequity and security challenges has...
Relationship Between Perceived Organizational Politics, Organizational Trust, Human Resource Management Practices and Turnover Intention Among Nigerian Nurses
Prior research has indicated that employee turnover is detrimental to both individuals and organisations. Because a turnover intention in the workplace is detrimental, several factors have been suggested to better understand the reasons why employees may decide to leave their organisations. Some of the organizational-related factors that have been considered by previous research include perceiv...