Why the case for reframing security in relation to quality has never been stronger.
Security and quality. Quality and security. What is the relationship between the two in today’s software development world? Are they synonymous? If you’re producing quality software, does that mean it’s automatically secure? If your software is deemed secure, does that mean it’s inherently high-quality? If you have a defect in either quality or security, does that equate to a problem with the other? Why are we even talking about the relationship between quality and security concerning software development? Is it that important in today’s world?
So many great questions, soon to be answered. As we discuss software quality, bear in mind the business reason for this discussion: higher quality software drives higher productivity and lowers the total cost of IT ownership. In this way, the focus on software quality does, indeed, offer some economic benefit to the enterprise.
Further, it’s important to recognize the role of the Chief Information Security Officer (CISO) in this discussion. The CISO is chartered with championing cybersecurity regardless of which team across the enterprise is producing software. Likewise, the focus on software quality is organizationally agnostic. In short, this means a CISO is ideally suited to help organizations orient security in the name of software quality.
Let’s get started by first defining both quality and security as they relate to software development.