Security and Reliability Techniques Revealed for Agile Teams
Agile methods typically do not explicitly address security and reliability, yet these are issues which are often critical to your success. Cliff Berg, author of High Assurance Design, and myself wrote a feature article for the July issue of Dr. Dobb's Journal describing how assurance issues can be properly addressed on agile software development projects while still remaining agile. The article describes the need for agile architecture, design, and documentation. It then describes a collection of practices for agile assurance:
- Create the minimal design that is necessary at the time.
- Maintain only those parts of the design that need to be maintained to satisfy the mission of the application—Update Only When It Hurts.
- Define success criteria—tests—that the design must meet from the beginning, in a manner analogous to test-driven development (TDD), and require the design to be "tested" with each build of the system.
- When a requirement cannot be effectively verified using execution tests, use the design (not the code) as the focus of evidence of correctness and completeness.
- Ensure that requirements that are collected include assurance objectives.
- Use TDD and other techniques to continually verify compliance of the implementation with ongoing design (along the lines of AMDD) as well as with requirements.
- Augment TDD with randomized testing to empirically assess actual assurance.
Tom Gilb & Kai Gilb Jan 26, 2015