{"id":21840,"date":"2014-09-04T13:52:00","date_gmt":"2014-09-04T18:52:00","guid":{"rendered":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/"},"modified":"2014-09-04T13:52:00","modified_gmt":"2014-09-04T18:52:00","slug":"time-put-security-software-development-lifecycle","status":"publish","type":"post","link":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/","title":{"rendered":"Time to put Security into the Software Development Lifecycle"},"content":{"rendered":"<figure><\/figure>\n<div class=\"body\">\n<div>\n<p>On September 4, 2014 <a href=\"\/whitehat-security-partners-tasktop-provide-real-time-integration-application\">WhiteHat and Tasktop announced their partnership<\/a>, while simultaneously introducing the WhiteHat Integration Server. The WhiteHat Integration Server is an OEM of Tasktop Sync technology, which includes a connector to WhiteHat Sentinel, and a selection of connectors. The addition of security to the Tasktop ecosystem is important for so many reasons.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Security_must_be_deeply_integrated_into_software_development_and_delivery\"><\/span><strong>Security must be deeply integrated into software development and delivery<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Information security has been an important topic since the advent of computing, but over the last three years, high-profile security breaches have focused everyone&#x2019;s attention on ensuring their web applications and sites are not easy pickings for crackers. But even though information security is important, for many organizations ensuring it is a separate activity from their normal development process. That disconnect slows down development since major security decisions are often left to the end. Agile and Continuous Delivery have taught us the value of integrating the disciplines, but for many organizations that integration is difficult. The release of the WhiteHat Integration Server and the creation of a Tasktop Sync connector for Sentinel provide automation that connects security vulnerabilities to defects, stories, issues and the rest of the lifecycle artifacts. This will allow organizations that use WhiteHat to embed security into the software development lifecycle earlier &#x2013; reducing rework, increasing quality and visibility, and ultimately improving time-to-market.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Complete_information_enables_better_decisions\"><\/span><strong>Complete information enables better decisions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Software delivery, like all business processes, is about trade-offs. As software professionals we have to balance the needs of time to market, architecture, features and quality. The iron triangle of software delivery tells you that when considering quality, features or cost &#x2013; you can have only two. But the most worrying part of these compromises isn&#x2019;t the fact that organizations are making them; it is that they are making them without a complete view of all the information. 
Feature Leads are making decisions about their ever-growing list of features; testers are looking at defect lists; and project managers are trying to work out what to do with a project plan that is no longer valid. Security is yet another trade-off to make, and the use of WhiteHat Sentinel provides you with great information on what, why and how security vulnerabilities and issues will undermine your website or web application. But often this information is separated from the other defects, requirements and issues. Without a complete, single view of the truth, software delivery and business leadership are making decisions without all the facts. With the release of the WhiteHat Integration Server, organizations can synchronize the security artifacts into the right reporting and planning tools, enabling decisions to be made based on a more complete view of the truth.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"It_is_all_about_flow_not_access\"><\/span><strong>It is all about flow, not access<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Initial attempts to provide developers access to the information from security tools have focused on the IDE, allowing security observations to be surfaced within the developer&#x2019;s IDE. The release of the WhiteHat Integration Server surfaces these observations, but in a different way. Instead of just enabling security vulnerabilities to be surfaced in the IDE, the integration server synchronizes the information into the tools managing the work for development &#x2013; at a server level. By synchronizing security vulnerabilities with tools such as JIRA, Microsoft TFS, IBM RTC, Rally, or VersionOne, a developer will get a consistent and integrated view of their work, rather than a separate list of work items from the security tool. This allows them to manage security work in the same manner as other work. 
This is not only a key objective for development approaches such as Agile development, but also fundamental to building high-performance teams. By synchronizing the security information, you also have the ability to extend information in both artifacts, allowing the work item in a tool like JIRA to add additional development-specific information without complicating the security artifact.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"It_x92s_more_important_than_ever_to_connect_security_teams_to_their_colleagues\"><\/span><strong>It&#x2019;s more important than ever to connect security teams to their colleagues<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The bottom line is that security &#x2013; like the PMO, Agile teams, quality and service management &#x2013; must be integrated in real-time to allow rapid, agile, and informed software delivery. The release of the WhiteHat Integration Server enables customers of WhiteHat to take the next step &#x2013; connecting their security professionals to the rest of the software development and delivery lifecycle, in real-time. And from a Tasktop point of view, this is another BIG STEP in our mission of connecting the world of software delivery. Things continue to get more exciting and more secure at Tasktop. Dave<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>On September 4, 2014 WhiteHat and Tasktop announced their partnership, while simultaneously introducing the WhiteHat Integration Server. The WhiteHat Integration Server is an OEM of Tasktop Sync technology, which includes a connector to WhiteHat Sentinel, and a selection of connectors. The addition of security to the Tasktop ecosystem is important for so many reasons. 
Security&#8230;<\/p>\n","protected":false},"author":233,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","footnotes":""},"categories":[9548],"tags":[],"class_list":["post-21840","post","type-post","status-publish","format-standard","hentry","category-engineering-teams"],"acf":[],"yoast_head_json":{"title":"Time to put Security into the Software Development Lifecycle | Tasktop Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/","og_locale":"en_US","og_type":"article","og_title":"Time to put Security into the Software Development Lifecycle","og_description":"On September 4, 2014 WhiteHat and Tasktop announced their partnership, while simultaneously introducing the WhiteHat Integration Server. The WhiteHat Integration Server is an OEM of Tasktop Sync technology, which includes a connector to WhiteHat Sentinel, and a selection of connectors. The addition of security to the Tasktop ecosystem is important for so many reasons. Security...","og_url":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/","og_site_name":"Planview Blog","article_publisher":"http:\/\/www.facebook.com\/pages\/Planview-Inc\/89422974772","article_published_time":"2014-09-04T18:52:00+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/blog.planview.com\/wp-content\/uploads\/2019\/10\/planview-logo-social-media-400x400.png","type":"image\/png"}],"author":"Tasktop Blogger","twitter_card":"summary_large_image","twitter_creator":"@Planview","twitter_site":"@Planview","twitter_misc":{"Written by":"Tasktop Blogger","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/#article","isPartOf":{"@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/"},"author":{"name":"Tasktop Blogger","@id":"https:\/\/blog.planview.com\/#\/schema\/person\/35676ea677995199889c0b6456156ce2"},"headline":"Time to put Security into the Software Development Lifecycle","datePublished":"2014-09-04T18:52:00+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/"},"wordCount":754,"publisher":{"@id":"https:\/\/blog.planview.com\/#organization"},"articleSection":["Engineering Teams"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/","url":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/","name":"Time to put Security into the Software Development Lifecycle | Tasktop Blog","isPartOf":{"@id":"https:\/\/blog.planview.com\/#website"},"datePublished":"2014-09-04T18:52:00+00:00","breadcrumb":{"@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.planview.com\/time-put-security-software-development-lifecycle\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.planview.com\/"},{"@type":"ListItem","position":2,"name":"Time to put Security into the Software Development Lifecycle"}]},{"@type":"WebSite","@id":"https:\/\/blog.planview.com\/#website","url":"https:\/\/blog.planview.com\/","name":"Planview Blog","description":"Leading the conversation on digital connected 
work","publisher":{"@id":"https:\/\/blog.planview.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.planview.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blog.planview.com\/#organization","name":"Planview","url":"https:\/\/blog.planview.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.planview.com\/#\/schema\/logo\/image\/","url":"https:\/\/blog.planview.com\/wp-content\/uploads\/2015\/06\/planview-logo-black.png","contentUrl":"https:\/\/blog.planview.com\/wp-content\/uploads\/2015\/06\/planview-logo-black.png","width":280,"height":66,"caption":"Planview"},"image":{"@id":"https:\/\/blog.planview.com\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/pages\/Planview-Inc\/89422974772","https:\/\/x.com\/Planview"]},{"@type":"Person","@id":"https:\/\/blog.planview.com\/#\/schema\/person\/35676ea677995199889c0b6456156ce2","name":"Tasktop 
Blogger","url":"https:\/\/blog.planview.com\/author\/tasktop-blogger\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/posts\/21840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/users\/233"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/comments?post=21840"}],"version-history":[{"count":0,"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/posts\/21840\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/media?parent=21840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/categories?post=21840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.planview.com\/wp-json\/wp\/v2\/tags?post=21840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}