Mar 17, 2015
There are myriad factors that can influence when new software and software updates are released. Often, release schedules are determined in response to software-hungry consumers, competitor strategies, or the increasing pace of hardware development. Whilst some of these pressures are very real, and require a response, other factors may be based on assumptions – be it the expected desires of the end user, or the expected release strategies of a rival organisation. In some instances, these pressures can result in aggressive software release management. Software and software updates are pushed forward, and released over an extremely short time frame. Whilst rapid software iteration can be a valuable marketing tool, it can also pose some real security issues.
Aggressive Software Releases and Technical Debt
If your release dates are determined in response to real market pressures, and can’t be slowed down or altered, it’s crucial to take steps to improve the security of your development process.
With aggressive software release schedules, developers may find themselves pressured into taking development shortcuts, simply to meet a looming deadline. Whilst any resultant bugs would usually be detected during testing, the increasingly short timeframes afforded to developers often mean testing is significantly cut down, or even omitted. Instead of being a pre-release necessity, it becomes an afterthought.
As a result, aggressive software releases can have a serious and unintended side-effect: a build-up of technical debt. With every software and update release, there’s the potential for new bugs and technical vulnerabilities to be uncovered. Whilst slower release cycles would make it possible to thoroughly resolve these problems between iterations, more aggressive schedules often mean organisations are too short on time to enact effective fixes.
As a result, your database of known vulnerabilities continues to grow with every update. The longer this technical debt is left to accrue, the greater the potential for a catastrophic security breach. Even in a best-case scenario, where these problems never manifest beyond annoying bugs and glitches, it’s the end users who are forced to contend with a growing number of software problems. This can quickly become detrimental to an organisation’s reputation.
Secure Agile Development
Aggressive software release schedules can be a powerful tool in a competitive marketplace – as long as you’re able to minimise the risks they pose to security. Thankfully, it is possible to develop rapid software iterations within a secure framework.
Secure agile development processes take a best-of-both-worlds approach, making it possible to regularly update and release software whilst running a process of regular testing and bug fixing alongside. There are two main aspects to implementing a secure agile software development process:
- Pre-development security planning. By beginning each project with a documented approach to security, you can define the basic tenets of security your developers need to follow, and empower them to work quickly and autonomously.
- Iterative testing. The agile methodology involves ongoing, iterative development; to pick up on potential security problems at each stage of development, it’s essential that security testing is performed to a similar schedule.
Vulnerabilities and bugs are an unavoidable part of releasing software and software updates; but as long as your organisation has a mechanism in place for remedying these problems, as soon as they’re detected, the problems don’t have to turn into a security catastrophe.
The earlier in the software development lifecycle problems are detected, the cheaper they are to fix. If your organisation operates to aggressive release schedules, and short development times between updates, secure agile development processes can help resolve security issues in a quick and cost-effective way.