As software service delivery becomes more large-scale and frequent, the need for a secure development lifecycle becomes critical. In this stage, the key objective is to build security practices into the development and operation teams.

The key differences and newly introduced security practices in this stage are as follows:

• Security shifts to the left and involves every stakeholder
• Architect and design review is required to do threat modeling
• Developers get secure design and secure coding training
• Operation and development teams are as a closed-loop collaboration
• Adoption of industry best practices such as OWASP SAMM and Microsoft SDL for security maturity assessment

There are be some learning curves or even resistance ...