Social Network For Security Executives: Network, Learn & Collaborate
I have seen several organizations trying to adopt secure SDLC and failing badly towards the beginning. One of the biggest reason is they try to use “Big Bang Approach”. Yeah, there are several consultants who will push you to go for a big project use the classical waterfall model to adopt secure SDLC. But that’s asking too much. Changing the habits of a group is not very easy.
Typically there is a big push back and depending on how determined you are and the amount of dedicated resource you have either the exercise will be a half hearted success or a failure. However, with less effort than that you can be more successful. Here is how.
( Read More: 5 Major Types Of Hardware Attacks You Need To Know )
Define only one small area (in terms of secure coding) or a small group and implement the most important coding guidelines you want to implement. Keep the number of stuff minimal so that you get the least pushback in adoption and start building the desirable habit/mindset among the users. During this phase make sure you have the following:
Now that you have done a small implementation and have gone through the learning, you will better equipped to implement for the larger organization or for the larger domain. I am not discussing the details of this phase here since I wanted to focus on the “Lean model” of “Starting Small”.
This is a re-post of the blog originally published on CISO Platform
Link to original blog: http://www.cisoplatform.com/profiles/blogs/secure-sdlc-implementati...