How can an organization determine the most appropriate method and resources to implement security audit in their development lifecycle?
The three models explained in Ounce Labs’ whitepaper titled “Implementing Source Code Vulnerability Testing in the Software Development Lifecycle” represent common scenarios currently being used to successfully implement security audit processes in the development lifecycle and reduce security vulnerabilities. These audit models help establish criteria for assessing goals, resources, obstacles, and ultimately, the most favorable approach for individual organizations. Although it is clear that development organizations and processes each have their own distinct characteristics, the models outlined in this paper address the common elements that should be leveraged to achieve effective security auditing. The primary functions that must be served by existing IT staff or security audit experts brought in during implementation are: • Set security requirements: A manager or central source of IT security expertise defines what should be considered vulnerabilities and how to judge criticality b
Related Questions
- How can an organization determine the most appropriate method and resources to implement security audit in their development lifecycle?
- How do I use SHERPA/RoMEO to determine the journal publishers policy and appropriate submission method?
- How do screeners determine when additional security screening is appropriate?
