Most of the security issues today can be traced back to flaws in application development. With this in mind, consider how a company can integrate best practices into its software development standards.
- Review the SANS Institute’s InfoSec reading room paper titled “Integrating Security into Development, No Pain Required” found at How does the approach of the Security Development Lifecycle differ from the Software Development Lifecycle?
- Which method—Microsoft or Agile—would you use if you had to develop software, and why? What other available resource could you recommend to a company interested in implementing this approach? Share your examples with your classmates and provide links to any useful resources you find.
- After reading a few classmate postings, reply to the ones where you learned something new or have something to add. Get in early to post your initial response and keep the discussion going.
Additional post option: Where does the ownership of security start? Who is responsible for ensuring that it is implemented