Why security and privacy by design are not a backlog item

Secure coding, security and privacy by design and default have never been part of the software development industry in any mainstream way. You only have to look at the OWASP top 10 to realise this as the top items haven’t changed much over its entire existence.

While it was sometimes possible to include security requirements in the waterfall design method because an overall design view was present, with Continuous Delivery and DevOps breaking software design up in backlog items, this has become a lot more difficult, unless it’s integrated into the entire process.

Now the GDPR comes along and actually may mandate this. But how should we  really implement this into the development culture?

Required audience experience

None. I will go through the basics of security and privacy by design, secure coding and also the legalities poised by the GDPR to the software design process.

Objective of the talk

To help developers and others see that incorporating these design philosophies may not only benefit the end users of their products (think of IOT devices), but also note that if you don’t fully embrace it it will not work. Apart from the legal requirements laid down by the GDPR.

Track 1
Location: Date: May 16, 2018 Time: 4:40 pm - 5:25 pm Drs Andor Demarteau Drs. Andor Demarteau, Shamrock Information Security