What does it mean to “bake” security into the software development life cycle?

Dr. Herbert H. Thompson: Baking security in means integrating security into each phase of the software development life cycle. It all starts with management buy-in; without the backing of key stakeholders in the business, any security improvement is bound to be sporadic and unsustainable. The next step is awareness; you’re likely to have a smart and dedicated development organization that would make more security-savvy decisions if they understood what the right things were to do for security. Each stage of the development lifecycle needs to consider security. In [the] requirements [stage], we need to understand not just the functional needs of customers, but their security needs as well. Some of these needs may be driven by legislation; others may only be uncovered by probing customers on what their biggest risks are. Different types of customers may require different security qualities, and it may come out in requirements analysis that you need “tunable” levels of security. One of th

Baking security in means integrating security into each phase of the software development life cycle. It all starts with management buy-in; without the backing of key stakeholders in the business, any security improvement is bound to be sporadic and unsustainable. The next step is awareness; you’re likely to have a smart and dedicated development organization that would make more security-savvy decisions if they understood what the right things were to do for security. Each stage of the development lifecycle needs to consider security. In [the] requirements [stage], we need to understand not just the functional needs of customers, but their security needs as well. Some of these needs may be driven by legislation; others may only be uncovered by probing customers on what their biggest risks are. Different types of customers may require different security qualities, and it may come out in requirements analysis that you need “tunable” levels of security. One of the best things you can do
