Secure Coding mailing list archives

The Organic Secure SDLC


From: Rohit Sethi <rklists () gmail com>
Date: Mon, 18 Jul 2011 14:45:04 -0400

Hi all,

Over the years we've had the opportunity to see the evolution of security in
software development life cycles (SDLC) at many organizations. We've started
to see patterns in how things evolve from a path of least resistance: from
the bare minimum of production penetration testing through to security in
requirements & QA.

In order to help us assess where an organization stands in terms of
application security maturity, we developed the Organic Secure SDLC model:
http://www.sdelements.com/secure-sdlc/software-security-throughout-life-cycle-9-steps/

If you're an actual practitioner who has lived through developing a secure
SDLC I'd love to hear your thoughts about the model's accuracy / relevancy.

If you know of any practical whitepapers / articles that might be of use to
somebody responsible for moving to the next in this model then please let me
know.

Cheers,

-- 
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
