A secure piece of software only does what it is intended to do, and is secure against misuse or attacks against itself or its users. Software security is ensured by following good practices throughout the software development process. These practices are reinforced with a software development process designed to promote security.
Nixu Security Lead service improves the customer’s software development method by introducing new security-enhancing elements in existing development methods, such as Scrum. These elements can be tailored to customer needs. Some of the elements we have introduced in the past include threat workshops, exploratory reviews and developer coaching in secure practices. Security Lead provides internal support and guidance for the development team, sparring with the team to ensure a secure software delivery.
Provided as a continuous service, Security Lead not only steers the developers in a single project’s information security issues, but also helps improve their architectural solutions and software development processes. Individual projects can be supported by assessing the maturity of the developer team’s security solutions and practices. These assessments provide observations that are relevant also to the organisation's other development projects