Over the past 10 years, software security has been an increasing concern. Traditionally, this has been addressed by highly technical activities, such as penetration testing, and highly general frameworks, such as ISO 27001. Whilst useful, these do little to ensure the secure inception, design and implementation of many businesses' core assets: their software.
Embedding security into the SDLC provides an organization with a scalable, proactive and in-depth assurance framework, by augmenting awareness, knowledge, guidance documentation and processes.
Whilst the benefits of doing so are clear, implementing a full secure SDLC may appear to be beyond the achievable or desired goals and capabilities of a typical organisation; formal threat modelling, fuzzing and full code review are simply too costly to be applied across the whole business.
To assist in selecting and prioritising a pragmatic and repeatable set of controls and activities, a short BSIMM (Building Security In Maturity Model) assessment is recommended to compare the practices observed in the organisation with those of industry peers. Following this, key areas are discussed to bring the organisation up to an agreed maturity level.
MDSec frequently works with organisations to help embed specific sub-elements of an SDLC, including:
Related services include:
Speak to one of our industry experts and find out how MDSec can help your business.
+44 (0) 1625 263 503