Build security into the entire software development life cycle

Application software is always going to contain flaws. The trick is to catch the mistakes as early as possible, by building security into the entire software...

Application software is always going to contain flaws. The trick is to catch the mistakes as early as possible, by building security into the entire software development life cycle (SDLC), writes Peter Wood of the ISACA Conference Committee and founder of First Base Technologies.

Vendors that have formal security standards for coding, for example based on the OWASP methodology for web developers, stand a much better chance of releasing secure software.

Regular testing throughout the development cycle is also critical, as well as independent testing prior to release. Potential customers should seek assurance from vendors that their developers have been trained in good security practice, that they have formal security checks in place throughout the SDLC, and that they engage independent security testers before releasing product to their customers.

Read more expert advice from the Computer Weekly Security Think Tank >>

This was last published in May 2009

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close