This is a common issue but something that can be resolved relatively easily. First, management has to make their support of security and risk management known by spreading the message and holding people accountable. Second, get your teams in the same meetings. Have developers/QA staff attend security-related meetings and security/compliance staff attend development/QA-related meetings.
Finally, get all staff members some cross-training in the respective areas. There's no reason why security/compliance staff shouldn't know the basics of software development/quality and why developers/QA staff shouldn't know the essential concepts of information security. Pull these three things together and you'll have yourself a workable solution.
Here is some more advice for development teams battling with similar struggles:
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
Handling the people side of Agile software development
Expert tester advises agile development teams to adopt cross functionality, use only proven agile practices and encourage strong tester and developer relationships.
Tips for software testers: Getting along with developers
End software project slowdowns caused by fighting between software testers and developers with these four tips.
Dig deeper on Cloud Application Testing
Related Q&A from Kevin Beaver
While Windows 8 does include Windows Fax and Scan, it doesn't create PDFs of scanned documents. Here are some Windows 8 PDF reader workarounds.continue reading
Microsoft's Sysinternals suite of free tools may not specifically support Windows 8 yet, but it is still very useful, even for admins supporting the ...continue reading
The Windows 8 UI hasn't won any popularity contests, but there are workarounds for it, unlike for Windows 8 Metro apps and Windows XP or Windows 7.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.