Methodology

Methodology and Industry Standards during Development

migVisor is developed using Agile methodologies.

Several requirements are highlighted here that allow us to integrate security into the agile development process:

1. Establishing testing and validation processes.

   1. Developers and testers evaluate their code from an attacker's perspective.

   2. Peer reviews are conducted regularly and include the same considerations.

2. Building security using user stories as a technique.

   1. User stories define the business requirements.

   2. User stories are then broken down into distinct tasks to be accomplished during and after development.

3. Developers in Charge of Secure Development.

   1. Responsible for secure development.

   2. Ensuring that all aspects of security are implemented by personal involvement in:

      1. Planning

      2. Security scans

      3. Fixing identified issues

4. Adaptation, iteration, and growth.

   1. Continually measure, adapt, and attempt to improve techniques and processes to keep security relevant as new tools and processes are introduced or changed.

   2. New features that involve connectivity/integration/user data and information are tested and validated by the development team who considers the security aspects of the feature.

5. Different environments for production, demo, test, and dev.

   1. Test and Dev environments do not hold real customer data or information.

   2. Demo environment does not hold real customer data.