Does security need to be designed in from the start?
Posted by Ian S. Nelson Mon, 21 Aug 2006 23:51:00 GMT
Does security need to be baked into a product from the very start? Or can you add it after the fact? Does the development model affect this? I think this is a really interesting question. My instinctual answer is that to build a properly secured application or system of applications you have to plan for it from the start. That's the parochial answer, and I'm not sure that it is 100% correct. Over the last few years various iterative development models have become more popular, and while I cannot point to any examples of great success coming from that, I also can't point out any failures that could have been avoided with any other development model. The trend is to rapidly develop with little or no up-front design, adapt to changing requirements dynamically, and rapidly fix problems as they arise. Do these development models lead to less secure products by their very nature?
The logical follow-up is how do you iterate security into a product after the fact, if that's a valid way to do it? Any thoughts or experiences?

In my harsh personal experience, you’ve got to place security features on the same footing as any other feature, and give security requirements the same attention and force as other requirements.
For planned projects, that means you need to build security in from the start just as you build in any other core functionality. It’s the only way you’re going to have the leverage for creative solutions that preserve both security and usability. It’s the only way you’re going to have a chance of avoiding serious security mistakes or serious functionality impacts without ballooning your costs in scope changes or the like.
For ad-hoc prototyping gone bad (AKA rapid development), even though you don’t write your requirements down in advance, you still need the same attention to security through the process. You’ll be making rapid trades as you work. Forgetting security during that will ensure that you have to either redesign later, or bolt on some kludge that kills functionality and annoys you greatly because you know you could have done it so much more elegantly with a modicum of foresight.
Thanks for the comment, I pretty much agree. Maybe some agilistas will contribute some comments too; an awful lot of people are starting to build software that way and I’d like to know how they plan to deal with security issues.