Software Development Processes
As much as anyone would like to pontificate on the software development process, information security policies should stay away from this debate. If your organization has software development policies and procedures, the developers might loathe having their processes changed. Otherwise, this can be the catalyst to develop procedures. In either case, the place where information security policies fits into the software development process is in augmenting their efforts and ensuring that security is considered during design and development.
Identifying Software Development Responsibilities
Security policies for software development should identify where the responsibilities lie in promoting secure development ...