websecurity@lists.webappsec.org

The Web Security Mailing List

The Organic Secure SDLC

Rohit Sethi
Mon, Jul 18, 2011 6:46 PM

Hi all,

Over the years we've had the opportunity to see the evolution of security in
software development life cycles (SDLC) at many organizations. We've started
to see patterns in how things evolve from a path of least resistance: from
the bare minimum of production penetration testing through to security in
requirements & QA.

In order to help us assess where an organization stands in terms of
application security maturity, we developed the Organic Secure SDLC model:
http://www.sdelements.com/secure-sdlc/software-security-throughout-life-cycle-9-steps/

If you're an actual practitioner who has lived through developing a secure
SDLC I'd love to hear your thoughts about the model's accuracy / relevancy.

If you know of any practical whitepapers / articles that might be of use to
somebody responsible for moving to the next in this model then please let me
know.

Cheers,

--
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
