Development teams within virtualware had limited

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: crosoft and C++ technologies.The development team focused on the new web interfaces is primarily composed of Java developers. Organization VirtualWare has been developing their core software platform for over 8 years. During this time they have had limited risk from common web vulnerabilities due to minimal usage of web interfaces. Most of the VirtualWare platforms are run through either a server based systems or thick clients running on the desktop. VirtualWare employs over 300 developers, with staff broken up into teams based on the projects that they work on. There are 12 teams with around 20–40 developers per team. Within each team there is minimal experience with software security, and although senior developers perform basic assessments of their code, security is not considered a critical goal within the organization. Recently VirtualWare started a number of new project streams, which deliver their client and server interfaces via web technology. Knowing the extent of common attacks seen over the web, this has driven the organization to review their software security strategy and ensure that it adequately addresses possible threats towards their organization going forward. Each team within VirtualWare adopts a different development model. Currently the two primary methodologies used are Agile SCRUM and iterative Waterfall style approaches. There is minimal to no guidance from the IT department or project architects on software security. Previously the organization had undertaken basic reviews of the application code, and has been more focused on performance and functionality rather than security.VirtualWare developers have been using a number of code quality analysis tools to identify bugs and address them within the code. SAMM / Case Studies - v1.0 With this in mind, the upper management team has set a strategic objective to review the current status of the security of their applications and determine the best method of identifying, removing, and preventing vulnerabilities in them. 84 Phase 1 Phase 2 Phase 3 Phase 4 ✦Rapid release of application features to ensure they ✦ maintain their competitive edge over rivals ✦Limited experience with software security concepts—currently ✦ minimal effort is associated with security related tasks ✦Developers leave the organization and are ✦ replaced with less experienced developers ✦Multiple technologies used within applications, with legacy ✦ applications that have not been updated since originally built ✦No understanding of existing security posture ✦ or risks facing the organization VirtualWare wanted to focus on ensuring that their new web applications would be delivered securely to their customers. Therefore the initial focus on implementing the security assurance program was on education and awareness for their development teams, as well as providing some base technical guidance on secure coding and testing standards. The organization previously had received bug requests and se...
View Full Document

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.

Ask a homework question - tutors are online