In the race to remain competitive, development teams in many companies are under tremendous pressure to create software on tight deadlines. And in most cases, that means dealing with security bugs only after software is released. But offensive testing and incident response are poor substitutes for good code, strong architecture, and threat-based design.
In this ebook, April C. Wright—security risk and compliance program advisor for a Fortune 15 company—teaches InfoSec professionals how to promote security as an integral part of an organization’s software development life cycle (SDLC). You’ll learn how to analyze existing development processes, gain insight into how developers and other stakeholders view software development, receive practical advice for including secure practices throughout the lifecycle, and learn how to track performance and success of your program.
- Get guidelines for evaluating your SDLC and rebuilding your development program
- Understand how developers, project managers, business execs, customers, and other key stakeholders each approach software development
- Gain active stakeholder participation and management support for SDLC security improvements
- Work directly with stakeholders to explain secure development, and push for change through policy and compliance
- Increase software security awareness by integrating development teams with security teams
- Get started through sample checklists and planning documents
Table of Contents
Fixing an Insecure Software Life Cycle
- The Status Quo of Software Development Life Cycles
- Understanding Stakeholders and Existing Process Mechanics
- Preparing to Rebuild the Program
- Working as a Unified Team
- Setting Expectations for Stakeholders
- Sample Checklists and Planning Documents
- Title: Fixing an Insecure Software Life Cycle
- Release date: May 2018
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492028215