InfoQ

News

Security and Reliability Techniques Revealed for Agile Teams

Posted by Scott Ambler on Jun 14, 2006 08:26 AM

Community
Agile
Topics
Agile Techniques,
Enterprise Application Blocks,
Agile in the Enterprise,
Security
Tags
Quality

Agile methods typically do not explicitly address security and reliability, yet these are issues which are often critical to your success.  Cliff Berg, author of High Assurance Design, and myself wrote a feature article for the July issue of Dr. Dobb's Journal describing how assurance issues can be properly addressed on agile software development projects while still remaining agile.  The article describes the need for agile architecture, design, and documentation.  It then describes a collection of practices for agile assurance:

  • Create the minimal design that is necessary at the time.
  • Maintain only those parts of the design that need to be maintained to satisfy the mission of the application—Update Only When It Hurts.
  • Define success criteria—tests—that the design must meet from the beginning, in a manner analogous to test-driven development (TDD), and require the design to be "tested" with each build of the system.
  • When a requirement cannot be effectively verified using execution tests, use the design (not the code) as the focus of evidence of correctness and completeness.
  • Ensure that requirements that are collected include assurance objectives.
  • Use TDD and other techniques to continually verify compliance of the implementation with ongoing design (along the lines of AMDD) as well as with requirements.
  • Augment TDD with randomized testing to empirically assess actual assurance.
 

Related Sponsor

VersionOne is recognized by Agile practitioners as the leader in Agile project management tools. Companies such as Adobe, BBC, CNN, Dow, HP, IBM, Sony and 3M have turned to VersionOne to help deliver greater value to their customers.

No comments

Reply

Exclusive Content

VMware Infrastructure 3 Book Excerpt and Author Interview

VMware Infrastructure 3: Advanced Technical Design Guide and Advanced Operations Guide provides a wealth of practical insights into setting up virtualization in todays corporate environments.

Architectures of extraordinarily large, self-sustaining systems

Can a system that is so large it cannot be comprehended be "designed" in a conventional sense? The foundations of computing are about to change. In this talk, Richard P. Gabriel explores why and how.

Using Ruby Fibers for Async I/O: NeverBlock and Revactor

Ruby 1.9's Fibers and non-blocking I/O are getting more attention - we talked to Mohammad A. Ali of the NeverBlock project and Tony Arcieri of the Revactor project.

Agile and Beyond - The Power of Aspirational Teams

Tim Mackinnon talks about the aspirations behind the Agile principles and practices, the desire to become efficient, to write quality code which does not end up being thrown away.

Concurrency: Past and Present

Brian Goetz discusses the difficulties of creating multithreaded programs correctly, incorrect synchronization, race conditions, deadlock, STM, concurrency, alternatives to threads, Erlang, Scala.

ActionScript 3 for Java Programmers

Often the hardest part of changing technologies is language syntax differences. This new article provides Java developers with a transition guide to Actionscript which forms the foundation of Flex.

Neal Ford On Programming Languages and Platforms

Neal Ford talks about having multiple languages running on one of the two major platforms: Java and .NET. He also presents the advantages offered by Ruby compared to static languages like Java or C#.

Future Directions for Agile

David Anderson talks about the history of Agile, the current status of it and his vision for the future. The role of Agile consists in finding ways to implement its principles.