Saturday, January 22, 2011

How to infuse Security in SDLC

In most of SDLC methodologies (traditional or agile) security is last thought requirement. But as security cyberspace is swamped by lot of security threats, security requirements need to be infused in SDLC as soon as possible and must be tracked as diligently as any functional requirement.
To infuse security requirements in any piece of software, I generally follow a simple rule. Embed Security requirements as early as possible in SDLC.
I have tried illustrating this thought in following graphic.


I understand this illustration is very simple depiction due to variety of SDLC methodologies followed but something is better than nothing.

No comments:

Post a Comment