
Software Security Governance in the SDLC:
A Practical Guide from Accenture and Ounce Labs


History has shown: where headlines and breaches go, regulation and the need for governance follow. As the impact of insecure applications on data security becomes ever clearer, organizations with a strong commitment to data integrity and privacy are taking concrete, measurable steps to ensure that the software systems controlling their data are developed securely. In this white paper, two of the leading experts in application security from Accenture and Ounce Labs present the step-by-step approach organizations must take to meet the emerging standard of due care in the software development lifecycle, and detail how to ensure the appropriate security controls are in place at each stage of that lifecycle.

With this paper, you will understand how to:

  • Plan for security: incorporate security from the beginning of any development project, using risk management processes to derive security requirements from business objectives.
  • Design for security: ensure that the appropriate security mechanisms are included in the design to meet the articulated business requirements from the first phase.
  • Build for security: ensure that development management and teams have the skills required to develop software securely, and that the technology and processes are in place to make certain that the security requirements have been met during implementation.
  • Deploy for security: conduct ongoing reviews to maintain the appropriate level of security in the deployed system, and use consistent risk processes to prioritize and remediate vulnerabilities across software releases.

This paper examines in detail the drivers for this new form of governance and offers practical advice for introducing the right processes, skills, tools, and metrics to ensure appropriate governance is achieved in a cost-effective manner.

Featured Speakers

  • Anthony Gerkis, Sr. Mgr, Security Technology Consulting, Accenture
  • Jack Danahy, CTO and Founder, Ounce Labs
