Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Coding: SDLC Integration Sixfold Path

Published bySimone St-Hilaire Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure Coding: SDLC Integration Sixfold Path"— Presentation transcript:

1 Secure Coding: SDLC Integration Sixfold Path

2 Secure Coding Requirement
Problem Set Secure Coding Requirement Security Organization Development Organization The Business

3 Landscape of Methodologies
Problem: Either too general Or custom tailored – not Business focused! BSIMM Microsoft SDL OWASP CLASP SAMM AGILE TSP-Secure Software CBK

4 SixFold Path to Secure Coding in SDLC
Right Leaders Security Business Development Right Plan Phased approach Education Developers Business / Management Right Process SDLC Integration Tools

5 SixFold Path to Secure Coding in SDLC
Right Skill sets Language SME’s Vulnerability Assessment / Identification Understanding of SDLC, Project Mgmt, and Risk Mgmt Right Policies Right Traceability Centralized and standardized code framework Defect tracking of vulnerabilities Standard reporting regardless of tool/approach Metrics Governance

6 Planning / Requirements
Development QA

Download ppt "Secure Coding: SDLC Integration Sixfold Path"

Similar presentations

Role, Responsibilities and Methodologies in the Next Decade.

Role, Responsibilities and Methodologies in the Next Decade.
Software Assurance Maturity Model

Software Assurance Maturity Model
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2013 IBM Corporation Tivoli and Maximo Quality Improvement Initiatives March 2014.

© 2013 IBM Corporation Tivoli and Maximo Quality Improvement Initiatives March 2014.
Rational Requisite Pro Usage at NYSDOT BA CoP 10-20-2011.

Rational Requisite Pro Usage at NYSDOT BA CoP
2003 Indigo Technology, Inc. All Rights Reserved Integrated Process Teams Process Management Quality Assurance Configuration and Data Management Program.

2003 Indigo Technology, Inc. All Rights Reserved Integrated Process Teams Process Management Quality Assurance Configuration and Data Management Program.
A framework for describing IT Project Management Processes and Tool Set Features Enterprise Project Management Framework.

A framework for describing IT Project Management Processes and Tool Set Features Enterprise Project Management Framework.
IS6112 Application Modelling and Design Introduction.

IS6112 Application Modelling and Design Introduction.
Alternative Methodologies Ken Peffers UNLV March 2004.

Alternative Methodologies Ken Peffers UNLV March 2004.
©2009 Gotham Digital Science, LLC Software Assurance with SAMM 21 Sept 2009, SOURCE Barcelona Matt Bartoldus

©2009 Gotham Digital Science, LLC Software Assurance with SAMM 21 Sept 2009, SOURCE Barcelona Matt Bartoldus
Software Engineering: A Practitioner’s Approach, 6/e Chapter 2 Process: A Generic View copyright © 1996, 2001, 2005 R.S. Pressman & Associates, Inc.

Software Engineering: A Practitioner’s Approach, 6/e Chapter 2 Process: A Generic View copyright © 1996, 2001, 2005 R.S. Pressman & Associates, Inc.
Course Retrospective Richard Anderson CSE 403 Lecture 27.

Course Retrospective Richard Anderson CSE 403 Lecture 27.
Maintaining Information Systems Class 27. SDLC Project Identification & Selection Project Initiation & Planning Analysis Logical Design Physical Design.

Maintaining Information Systems Class 27. SDLC Project Identification & Selection Project Initiation & Planning Analysis Logical Design Physical Design.
Roy Budhai Sr. ST Manager, Reporting and Visualization Oct, 2010 Continuous Testing Improvement.

Roy Budhai Sr. ST Manager, Reporting and Visualization Oct, 2010 Continuous Testing Improvement.
Project Management Methodology More about Quality Control.

Project Management Methodology More about Quality Control.
CMM Level 3 KPA’s CS4320 Fall 2003. Organizational Process Focus (Goals) Software process development and improvement activities are coordinated across.

CMM Level 3 KPA’s CS4320 Fall Organizational Process Focus (Goals) Software process development and improvement activities are coordinated across.
PV213 EIS in Practice: 04 – Quality assurance1 PV213 Enterprise Information Systems in Practice 04 – Quality assurance.

PV213 EIS in Practice: 04 – Quality assurance1 PV213 Enterprise Information Systems in Practice 04 – Quality assurance.
Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.

Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Measuring Security Best Practices with OpenSAMM Alan Jex SnowFROC 2013.

Measuring Security Best Practices with OpenSAMM Alan Jex SnowFROC 2013.

Similar presentations

Ads by Google