Are security test tools considered “ALM tools”?
As we all know, ALM is a category that is hard to lock down in terms of what is considered an ALM tool and what is not. When it comes to security test tools, I am on the fence based on the type of application to be built. For example, if you are building embedded systems or operating level software, then I would expect that security testing for breach vulnerabilities might be done by the actual development team -- thus making security test tools part of your ALM tooling.
However, if you are building enterprise software, i.e., business applications, then I suspect that you will have security specialists to do this type of investigation and testing outside of the normal application development process and lifecycle. Right or wrong, this is what I typically see. In this case I would say your security test tools are actually part of the security management process and not part of ALM.
In either example, I think a solid security testing approach is something that any good application development shop should be on top of, whether they do the testing or share it with security specialists. Remember, from a business perspective, if you deliver application software that exposes your organization to risk, or worse, causes a real breach, then you will suffer severe consequences from both the costs associated with resolving the breach and the impact that it has on your company’s brand and reputation.