Secure SDLC


Posted on by Divya Aradhya

What is SDLC?

A Software Development Life Cycle (SDLC) is a “framework that defines the process used by organizations to build an application from its inception to its decommission.”[1]
Over the years, multiple standard SDLC models have been proposed (Waterfall, Iterative, Agile, etc.) and used in various ways to fit individual circumstances.
SDLCs include the following phases:
  • Planning and requirements
  • Architecture and design
  • Test planning
  • Coding
  • Testing and results
  • Release and maintenance

In a traditional SDLC, security-related activities are only a part of the testing phase.

What is a Secure SDLC?

A Secure SDLC process ensures that security assurance activities such as penetration testing, code review, and architecture analysis are an integral part of the development effort.

A Secure SDLC approach to software development ensures-

  • More secure software – as security is a continuous concern in this approach
  • Awareness of security considerations by stakeholders
  • Early detection of flaws in the system
  • Cost reduction as a result of early detection and resolution of issues
  • Overall reduction of intrinsic business risks for the organization

The following image depicts how “security” is knit into each phase of the SDLC-

Going from SDLC to Secure SDLC

Every stakeholder should be educated, made aware, and brought onboard to the critical and integral role of security in developing software. Security is not after-thought, and while it is not a “constructive” action that brings in money, the loss of security can break a company completely. The days of software only doing what it should are long gone.

References-

1. What Is the Secure Software Development Life Cycle. (2016, October 20). Retrieved from https://www.cigital.com/blog/what-is-the-secure-software-development-lifecycle/