I really like this approach – Assess the state of security within a development team and project as an indication of how well a project is going and how effective processes are working out.
It’s another one of those many obvious tests that we all do, but at times i’ve certainly found myself accepting insecurity within a project team as one of those things because the team are new to the pressures or software projects are always uncertain and as such stressful. With a little consideration, it’s clearly more useful to use perceptions of insecurity as more direct indications that change is required.
What might we be looking for? A few possible ideas:
- How secure are the developers about the quality and stability of their code?
- How secure are the developers about rolling code to the various hosting platforms?
- How secure are team members about their relationship with others on the team?
- How secure is the project manager about hitting the deadline?
- How secure is the account manager about conversations with the client?
- How secure are senior management about project and team performance?
The overall intention of improving security is to make everyone feel relaxed. Software development is meant to be fun after all!