As some of you may know, I am a member of the Institution of Engineers in Australia and hold a CPENG. Part of maintaining a CPENG is to gain CPEs, a concept we are all familiar with. Recently, I attended a webinar about “Replacing the Fitzroy River Bridge — Western Australia” (IEAust, 2024). The intriguing aspect of this webinar was the design and construction of the bridge. They employed a contract methodology known as Alliance Contracting (Department of Infrastructure and Regional Development, 2015). This method differs from all other contractual arrangements in that it emphasises collaboration and support rather than deliverables. In this arrangement, the alliance, which includes all stakeholders and the customer, is responsible for the project.
The Alliance Design Methodology is an integrated procurement method for infrastructure projects. Under an alliance contract, a government client collaborates with private suppliers to deliver the project (Department of Infrastructure and Regional Development, 2015). This approach is most suited to complex projects where there is a high degree of uncertainty or risk. I believe the “High Degree of Uncertainty and Risk” applies to most software projects.
In my experience, the major failure in Application Security programs is due to a lack of collaboration. The security team, being the SME in security, is often considered infallible, and developers are expected to follow their directives. Unfortunately, this ideology leads to failure, as the security team is not always correct, and there are many considerations in the development process that the security team may overlook. I believe that adopting an approach similar to the Alliance methodology could lead to success. My suggestion would be to keep a goal of collaboration in mind. It’s not about who is right or wrong, but rather, we are right together. Setting up communication parameters, ensuring everyone understands their responsibilities, and promoting open communication without blame for mistakes is key. The core concept would be to deliver a project together (security, developers, designers, product owners, etc.) rather than following a hierarchy.
I believe this approach would yield excellent results. I have seen it in action, and it works wonders. It encourages junior members to become more involved and senior ones to be more understanding and compassionate in the decision-making process. Ultimately, the biggest winner is the customer, who receives a top-quality product that meets their needs and is secure.
Disclaimer: I used Microsoft Copilot to assist with the production of examples, grammar and spelling. Acknowledgements have been provided as references to the information I researched for this blog.
References
Department of Infrastructure and Regional Development. (2015). National Alliance Contracting Guidelines Guide to Alliance Contracting. Commonwealth of Australia.
Institution of Engineers Australia (IEAust). (2024). Replacing the Fitzroy River Bridge — Western Australia. Webinar attended April 17, 2024.
Microsoft Copilot. (2024). Graphic representation of Alliance Contracting. Digital Image. Created April 18, 2024.