Read the original article: Using SSDLC to Prepare for Security Incidents
From a software engineer’s point of view, fixing a security issue can be equal to removing an opportunity to exploit a product. While from a security engineer’s point of view, such a fix is just putting a band-aid on a larger problem. Where is the balance?
If we look at software development from a security perspective, the security industry has distilled the development lifecycle into a clear process, which also fits both waterfall and agile development strategies (the most popular SSDLC methodologies are OWASP SSDLC, OWASP CLASP and Microsoft SDL).
Secure software development lifecycle (SSDLC) consists of several stages that go hand in hand with the development stages. A secure SDLC is set up by adding security-related activities to an existing development process.
Read the original article: Using SSDLC to Prepare for Security Incidents