What is SDLC?
- Planning and requirements
- Architecture and design
- Test planning
- Coding
- Testing and results
- Release and maintenance
In a traditional SDLC, security-related activities are only a part of the testing phase.
What is a Secure SDLC?
A Secure SDLC process ensures that security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort.
A Secure SDLC approach to software development ensures-
- More secure software – as security is a continuous concern in this approach
- Awareness of security considerations by stakeholders
- Early detection of flaws in the system
- Cost reduction as a result of early detection and resolution of issues
- Overall reduction of intrinsic business risks for the organization
The following image depicts how “security” is knit into each phase of the SDLC-
Going from SDLC to Secure SDLC
Every stakeholder should be educated, made aware, and brought onboard to the critical and integral role of security in developing software. Security is not after-thought, and while it is not a “constructive” action that brings in money, the loss of security can break a company completely. The days of software only doing what it should are long gone.
References-
1. What Is the Secure Software Development Life Cycle. (2016, October 20). Retrieved from https://www.cigital.com/blog/what-is-the-secure-software-development-lifecycle/