TeamMentor™ - Software Development Teams
The Problem
Development Teams face two major challenges with respect to secure software development:
#1 Finding correct information for secure coding and testing/QA activities
#2 Getting just the information needed when it’s needed
The Internet and various software development help systems provide some level of guidance to developers and testers as it pertains to secure development and QA, but the time involved can be extreme and the "answer" is usually varied, cryptic or wrong.
The Solution
TeamMentor provides expert knowledge, guidance, how-to’s, and samples
that can resolve both challenges listed above. In addition to having
confidence that things are implemented accurately, TeamMentor allows
organizations to:
Establish a baseline secure coding practice for itself and/or its outsourced development partner(s)
Track the status of each project and measure against the standard development practices specified
Better manage the efforts of large development teams that are separated geographically and/or departmentally that may not use the same processes or techniques
Share, extend, and customize the secure coding and testing activities – and integrate them into an existing knowledgebase or workflow management system
Use Cases
Coding and Testing Guidance
With immediate access to accurate information, software teams are guided
through the process of implementing appropriate code and identifying
security problems for the environments they’re working in. Content for
specific activities or technologies can be found by filtering or searching;
however, security novices can also be guided for just-in-time learning.
TeamMentor content includes high-level Principles and Attack descriptions as
well as Checklists, How To’s, and Samples that are specific to the
development language in use.
Methodology-based guidance
Each development methodology includes areas where security is important,
though they may not explicitly acknowledge it. This often leads to security
not being addressed in the application being developed. TeamMentor walks
development teams through important security aspects at each stage of
the software development process and provides appropriate assets to be
consumed. The user can locate and use appropriate security guidance
within a specific methodology or seek specific guidance for surfacing
security issues as part of the chosen methodology.
Authoritative Sources
When developers are tasked with creating/implementing secure
functionality that they are not familiar with, they don’t always have
an authoritative source for guidance. This results in developers
searching for answers in non-authoritative or non-specific venues, which
in turn may lead to improper and insecure implementation. TeamMentor
provides specific guidance for implementing functionality in a
particular environment securely with the level of detail needed
for developers.
Customize for Continuous Learning
TeamMentor™ is a “learning” system capable of incorporating experience gained by the development team during the development process, and leveraging it in subsequent projects. Web 2.0 components such as collaboration, editorial comment and voting allow team members and larger user groups to discuss how specific guidance applies to their applications, how to focus and extend it, and how valuable the asset is to their environment.
TeamMentor also provides an authoring capability so teams can make
the content extensible by adding their own articles, samples, and
experience to this continuously growing knowledge base of security best
practices – making the TeamMentor knowledge base highly customized
to your environment. Team managers can use this feedback and new
content to grow and adapt TeamMentor to their specific environments,
making it the most valuable single asset the team can own for security
guidance.



