A mature secure development lifecycle is more than just a checklist of secure development practices. It also encompasses all aspects of a healthy business process, such as program management, stakeholder engagement, deployment planning and measurement. SAFECode members lead some of the largest software security programs in the world and are committed to sharing what they’ve learned to help others create, improve and manage their own software security initiatives.
Secure Development Practices Aren’t Enough
A key principle guiding SAFECode’s work has always been our belief that secure software development can only be achieved with an organizational commitment and a holistic assurance process. But what does that mean in practice?