Comments on Nick Coblentz: Security and Development: Building A Better Relationship

Nick Coblentz, 2012-01-17T21:23:19.222-06:00

Hey Jim!

I'm in agreement with you. This post is meant to encourage transition towards exactly that.

Most if not all the organizations I have worked with lately on pentesting engagements have had very separate and distinct security teams. I think integration is important. The part I am having trouble with most is which team to integrate them into. There are a lot of reasons why they should be integrated into QA teams. But it might make just as much sense for them to be within development teams too.

Jim Manico, 2012-01-17T21:16:50.150-06:00

Why have security auditors in a separate team at all? Why not make AppSec professionals integrated members of development teams where necessary? They could always float to different teams if people resources are short...

If your assessors are mostly doing pentesting, then you are late. I want my AppSec pros helping come up with requirements and designing software from day 1. That's where you gain the most strategic benefits. :)

Aloha Nick!