Developing secure software is critical to a company's reputation and bottom line. A software malfunction or security breach can result in a massive recall, millions in lost revenue, the loss of sensitive customer data, and a headline in the Wall Street Journal. With software now ubiquitous in everything from automobiles to investment trading applications, more companies than ever are feeling the legal and financial pressure to assure the security of their code. Faced with having to maintain software quality and security while accelerating innovation, companies with institutionalized, standard code development processes are looking for new ways to further reduce overall program risk. Traditionally, companies would perform security testing near the end of the software development lifecycle, prior to product release, but that process can put release schedules at risk, and late-found defects cost more to address. To address security more effectively, some of these companies are now adopting secure development lifecycle initiatives in which security deliverables are inserted in all phases of development. As a result, companies are finding that the benefits of fewer security incidents, faster time to remediate and fewer audit deficiencies far outweigh the costs of implementing these initiatives.
So, are secure development lifecycle initiatives merely academic, or can they truly serve as practical guidelines? Are they within the reach of any but the largest companies?
This white paper outlines a practical approach to implementing secure practices in the software development lifecycle. Only by bringing security in "from around the edges", pushing past the traditional operational view of security and carrying it into all phases of development, can you begin to build software systems that stand up under attack.