Iterative software development and security: how doing one of these things well doesn’t mean the other should suffer.
When it comes to digital government, security is a real risk. But doing security well shouldn’t mean that other parts of delivery (like how reliable the service is or how quickly new features can be released) should suffer. At the Canadian Digital Service (CDS) we’re trying to share examples of how iterative software development and security, together, lead to better outcomes.
Here are some of those stories.
Our key to security
The fear of someone getting hold of your passwords is real, and something that keeps security professionals up at night. In this blog post, we share how we’re using security keys to eliminate that risk (and hopefully allow our security colleagues to sleep a little easier!)
Digital security is hard, especially when you want to try something new. But like airport security, with the right checks and processes, it’s definitely manageable. This blog post explains how we’ve created a tool to automatically and continuously verify that we are meeting our security goals.
Start with the fundamentals.
Work towards the shiny.
While we might want to believe in new technology as a miracle cyber cure, it’s not that easy. Effective security often depends on the less-shiny tasks, like building simple systems that can be patched, and then keeping them patched. Our Head of Security writes about how we’ve applied this approach to one of the products we worked on to track web security compliance.