Last week I was discussing my research at Security Lancaster with a friend. She said, "You must think security is the most important thing in software." I hastened to deny it. You see, I don't think security is by any means the most important aspect of software creation.
"Know your enemy" is a very old principle indeed. It dates back to the Chinese philosopher Sun Tzu's The Art of War. I've always been fascinated to know who it is that is my enemy when I'm developing secure software for mobile phones.
What does a Secure Development Process mean for an Agile development team? An SDP is a set of activities and deliverables to enable developers, testers and project managers to create software that is proof against security threats. But how?