How often do we develop poorly and then try to secure the application at the perimeter? Is that even possible?
Regardless of the methodology applied to the SDLC, there are certain things the team must focus on to enforce cyber security. Whether you are on Agile, Waterfall or CI/CD, these “things” must not be skipped.
The Software Security Team/Group
For the past decade and a half there were no people dedicated to software security. People thought that lateral application testing would secure them. But that omelet is no longer going to serve and save at a late-night dinner.
The Software Security Team is a dedicated team responsible for the tasks mentioned above. But how do you build such a capable team for the development life cycle when “Security” is taught more at the network level than at the code level? Cyber security professionals with coding skills are the answer.
There is going to be great demand for such people in the near future. How many network people can learn to code? And how many developers can learn networking?
If you have a bad idea, how much would it cost to change your mind? 🙂
BSIMM – Building Security In Maturity Model
BSIMM has evolved over time to close these skill gaps with defined Phases and Activities: 12 Phases, further broken down into 120 Activities.
The current version is 10. Yes, the model is a decade old!
Available at: https://www.bsimm.com/download.html