Most Corporations Lack Proper SDLC
Posted 7/8/08 by Robert from the 'SDLC 4 lyfe' department

"The current state of secure software development by corporations both large and small is a mess.

Software vendors need to realize that they must begin exercising due diligence when producing their software products. Microsoft dedicated itself to secure development practices some years ago, yet its developers are still taking months to fix reported vulnerabilities. If an industry giant like Microsoft cannot get a grip, it really does not bode well for the rest of the industry.

While many companies make a passing attempt at improving their software products, all too often other pressures win out. Software companies that will delay a product's launch for the sake of a code audit, third-party threat testing, or an extended quality-assurance (QA) cycle are few and far between. Sadly, the secure development life cycle (SDLC) is not always adhered to by the software vendors, and the first casualty in this process is typically quality assurance." - Securityfocus

Part of my job involves creating an SDLC for the company I work for. Having spoken with many companies, both large and small, I agree with this article that most companies haven't figured out proper integration of security testing in development and QA. I consider this sort of initiative to still be fairly new to the industry, with lots of room for improvement. The real challenge is finding the right balance for your specific development organization, and understanding that one approach does not fit all, even within the same company.

Article Link: http://www.securityfocus.com/columnists/476
Copyright 2000-2007 Cgisecurity.com.