Core Software Security by James Ransome, Anmol Misra

4

Architecture (A2): SDL Activities and Best Practices

During the second phase of the security development lifecycle, security considerations are brought into the software development lifecycle to ensure that all threats, requirements, and potential constraints on functionality and integration are considered (see Figure 4.1). At this stage of the SDL, security is looked at more in terms of business risks, with inputs from the software security group and discussions with key stakeholders in the SDLC. Business requirements are defined in the security terms of confidentiality, integrity, and availability, and needed privacy controls are discussed for creation, transmission, and personally identifiable information (PII). SDL policy and other security ...