Building Security into Your Software Development Lifecycle

White Paper Published By: Coverity
Published:  Apr 20, 2012
Type:  White Paper
Length:  14 pages

Developing secure software is critical to a company's reputation and bottom line. A software malfunction or security breach can result in a massive recall, millions in lost revenue, the loss of sensitive customer data, and a headline in the Wall Street Journal. With the ubiquity of software in everything from automobiles to investment trading applications, more companies than ever are feeling the legal and financial pressure to assure the security of their code. Faced with having to maintain software quality and security while accelerating innovation, companies with institutionalized, standard code development processes are looking for new ways to further reduce overall program risk. Traditionally, companies would perform security testing near the end of the software development lifecycle, prior to product release, but that process can put release schedules at risk, and defects found late cost more to address. To address security more effectively, some of these companies are now adopting secure development lifecycle initiatives in which security deliverables are inserted in all phases of development. As a result, companies are finding that the benefits of fewer security incidents, faster time to remediate and fewer audit deficiencies far outweigh the costs of implementing these initiatives.

So, are secure development lifecycle initiatives merely academic, or can they truly serve as practical guidelines?  Are they within the reach of any but the largest companies? 

This white paper outlines a practical approach to implementing secure practices in the software development lifecycle. Only by bringing security in "from around the edges," pushing past the traditional operational view of security, and carrying it into all phases of development can you begin to build software systems that can stand up under attack.

Tags: development, lifecycle, software, security, secure, practices, phases, protection, malfunction, breach, recall, revenue, attack