Monday, August 6, 2012

QA Teams Can Improve Software Security! - Sept. 13, 2012 Presentation at the Kansas City Quality Assurance Association Meeting

Next month, I will be giving a presentation at the Kansas City Quality Assurance Association Meeting.  The talk is titled "QA Teams Can Improve Software Security!"  The presentation will be on September 13, 2012 at 11:15am at Manny's.  Take a look at the KCQAA Website for more details on the location and time.

During the presentation, I will talk about what role QA teams can play in improving software security, how their continuing education, structure, and composition can be improved to make them more effective at finding vulnerabilities, and I will give examples of test case techniques for finding security weaknesses.

In my opinion, testing for security weaknesses (whether it's positive or negative testing) is very similar to what QA already does.  Security vulnerabilities are just another type of quality defect, and QA teams are well suited to this role.  Come check out my presentation and join in the conversation!

Note: As always, testing is just a very small part of software security (which I talk about in the presentation).  Good software security programs include portfolio management; training; security requirements; secure architecture, configuration, and coding patterns (think design patterns); validation (positive and negative testing); metrics; and continuous improvement.