I have been violated. It is a sobering experience. Username, email, hashed password available on the Internet in a prime database for script kiddies, Lulzsec et al. I now have some sympathy for RSA. Actually, hang on a sec. No I don't. I actually did what I preached. Read on for three simple strategies that gave me comfort after having my details compromised as part of the MTGOX bitcoin hack.
I am going to fail. Agile and security just do not mix, especially secure at source. Agile is all about rapid development, everyone in a room with brown paper plastered across the wall, product backlogs building up while developers code feverishly on today's priorities. Security works well in a structured environment. We influence through control points and project gates. Oh, you are writing requirements? Let me provide you some from security. Design stage? A threat model and design review. Build we will mostly ignore, but test is our coup de grâce. The pen test is the height of security skill, where your lovely creations will be decimated! But how do I apply this magnificence to agile when I am called a CHICKEN and thrown out of the room?