By: Steve Lipner, Executive Director, SAFECode

Large organizations have benefited from establishing and adopting Security Development Lifecycle (SDL) processes as a key component of their approach to delivering secure software. Many of these organizations have hundreds or even thousands of developers, and significant resources to devote to creating and operating an SDL. But what about the smaller organizations whose teams and resources are limited? They too have access to resources that can help them to adopt an SDL capable of delivering the level of software security their customers expect.

I outlined some of these resources in my recent presentation at Black Hat USA 2018. My briefing, titled “SDL That Won’t Break the Bank”, described some approaches and resources that can help smaller organizations create effective SDL programs.

To view the presentation “SDL That Won’t Break the Bank” click here.

Some takeaways from my presentation:

  • Smaller organizations can have an advantage by being able to deploy an SDL focused on the products they produce and the technologies they use.
  • Smaller companies also can benefit from a wide array of free and affordable resources that can help them create and sustain an SDL program.
  • With management commitment to secure software and an investment in resources proportional to the size of the development team, it’s possible for small organizations to build an SDL program and deliver software that customers will find secure.

For more resources on software development click here.

My presentation only briefly described some of the resources that can support an SDL. The last slide includes links to a number of free resources. Key among these is SAFECode’s “Fundamental Practices for Secure Software Development”, which provides comprehensive guidance for organizations large and small.