Most organizations have a well-oiled machine whose sole purpose is to create, release, and maintain
functional software. However, the growing concerns and business risks associated with insecure
software have brought increased attention to the need to integrate security into the development process.
Implementing a proper Secure Software Development Life Cycle (SDLC) is more important now than
ever.
Use code scanning tools such as SecureAssist, Coverity, and AppScan Source.
However, management must be involved in devising a strategic approach for a more significant impact.
As a decision maker interested in implementing a complete SSDLC from scratch, here’s how to get
started:
Perform a gap analysis to determine what activities/policies currently exist in the organization and
their effectiveness.
Set up a Software Security Initiative (SSI) by establishing realistic and achievable goals with
defined metrics for success. Processes for security activities should be formalized during SSI
setup.
Invest in hiring and training employees as well as in appropriate tools.
Use outside help as needed.
https://www.synopsys.com/blogs/software-security/secure-sdlc/