When are security testing tools classified as ALM tools?


Are security test tools considered “ALM tools”?


As we all know, ALM is a category that is hard to lock down in terms of what is considered an ALM tool and what is not. When it comes to security test tools, I am on the fence based on the type of application to be built. For example, if you are building embedded systems or operating level software then I would expect that the concept of security testing for security breach vulnerabilities might be done by the actual development team -- thus making security test tools part of your ALM tooling. 

However, if you are building enterprise software, i.e., business applications, then I suspect that you will have security specialists to do this type of investigation and testing outside of the normal application development process and lifecycle. Right or wrong, this is what I typically see. In this case I would say your security test tools are actually part of the security management process and not part of ALM.

In either example, I think a solid security testing approach is something that any good application development shop should be on top of, whether they do the testing or share it with security specialists. Remember, from a business perspective, if you deliver application software that exposes your organization to risk, or worse, causes a real breach, then you will suffer severe consequences from both the costs associated with resolving the breach and the impact that it has on your company’s brand and reputation.

This was first published in April 2011