The transformation of applying security in a product company is no easy task. There are upfront costs in capital, design and engineering effort, and in the long term, the company needsto have the determination to get on and stay the path. Yet this investment has a real benefit that pays for the cost of product differentiation and the ability to compete better and in other intangible ways. For now, consider some of the practical issues with taking the X.805 standard from good theory to real practice.

The experience to date with applying the X.805 standard is still in a formative stage within Alcatel-Lucent. While there is still limited experience (and much to learn as the program matures), the results are already clear enough to draw some early conclusions. This approach is transformative and can identify vulnerabilities consistently. Thus far, they have ranged from those that would have minor impacts if exploited, to security issues that could have significant impacts on an organization. Some of these vulnerabilities should never have been there in the first place. The process to catch these and correct them was missing.

One lesson learned is something already known but not well applied with the global nature of product development: A product development ...