Re: The Organic Secure SDLC

[Rohit Sethi <rklists () gmail com>]

BSIMM is a reflection of how some of the most mature organizations add
security activities into their SDLC. The Organic Secure SDLC is simply a
reflection of how many organizations that do not have the same top-level
support for security gradually implement security into their SDLC. It
follows a path of least resistance rather than doing what's most cost
effective or even logical. It focuses on organizational challenges such as
how requirements anlaysts are often not motivated to integrate security even
if it's cost effective (
http://www.sdelements.com/secure-sdlc/software-security-throughout-life-cycle-9-steps/why-requirements-analysts-dont-usually-care-about-security/
)



On Mon, Jul 18, 2011 at 3:48 PM, Anurag Agarwal <anurag.agarwal () yahoo com>wrote:

> Rohit – How is this different from BSIMM? ****
>
> ** **
>
> Thanks,****
>
> ** **
>
> Anurag Agarwal****
>
> MyAppSecurity Inc****
>
> Cell - 919-244-0803****
>
> Email - anurag () myappsecurity com****
>
> Website - http://www.myappsecurity.com****
>
> Blog - http://myappsecurity.blogspot.com****
>
> LinkedIn - http://www.linkedin.com/in/myappsecurity ****
>
> ** **
>
> *From:* sc-l-bounces () securecoding org [mailto:
> sc-l-bounces () securecoding org] *On Behalf Of *Rohit Sethi
> *Sent:* Monday, July 18, 2011 2:45 PM
> *To:* Secure Code Mailing List
> *Subject:* [SC-L] The Organic Secure SDLC****
>
> ** **
>
> Hi all,****
>
> ** **
>
> Over the years we've had the opportunity to see the evolution of security
> in software development life cycles (SDLC) at many organizations. We've
> started to see patterns in how things evolve from a path of least
> resistance: from the bare minimum of production penetration testing through
> to security in requirements & QA.****
>
> ** **
>
> In order to help us assess where an organization stands in terms of
> application security maturity, we developed the Organic Secure SDLC model:
> http://www.sdelements.com/secure-sdlc/software-security-throughout-life-cycle-9-steps/
> ****
>
> ** **
>
> If you're an actual practitioner who has lived through developing a secure
> SDLC I'd love to hear your thoughts about the model's accuracy / relevancy.
> ****
>
> ** **
>
> If you know of any practical whitepapers / articles that might be of use to
> somebody responsible for moving to the next in this model then please let me
> know.****
>
> ** **
>
> Cheers,
>
> --
> Rohit Sethi
> SD Elements
> http://www.sdelements.com
> twitter: rksethi****
>
> ** **



-- 
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________