SecDLC stands for Secure Development Lifecycle (you will also see it written SDL or SSDLC). Have you tried it yet?

In the recently concluded season of Game of Thrones (*spoiler alert*), the White Walkers breached the perimeter (thanks to a new attack vector, a dragon), and the Seven Kingdoms now have to do more for themselves than hide behind a Wall that no longer exists!

Fast-forward to the 21st century, and our situation is no less fragile or tense than the fantasy drama's. Here's why:

“Over 70% of security vulnerabilities exist at the application layer, not the network layer” – Gartner

“The cost of fixing a bug in the field is $30,000 vs. $5,000 during coding” – NIST

“If only 50% of software vulnerabilities were removed prior to production, costs would be reduced by 75%” – Gartner

In a typical SDLC, constant pressure to deliver faster and cheaper, with ever-increasing feature complexity, leads to the release of insecure products and raises the total cost of ownership of the product or solution. With SecDLC, you can achieve:

  • Fewer vulnerabilities in released products
  • Fewer security breaches, and less damage when one does occur
  • Lower application/product development and support costs
  • Better coordination between security, engineering and business
  • Reusable security architecture components
  • Improved processes and better-informed decision making
  • Improved regulatory compliance

By adopting SecDLC, security is built into the applications themselves. Attacks have moved up the stack from layers 3 and 4 (network and transport) to the application layer (layer 7): attackers probe whether the application or product itself can be exploited to reach sensitive information, so a network perimeter alone no longer protects it.
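To make the layer-7 point concrete, here is an added example (not code from the original post) of the kind of check a SecDLC puts into the build: a deliberately vulnerable query beside its hardened form, plus a security regression test that fails the build if the injectable version ever comes back. Everything in it is constructed for illustration: the in-memory SQLite table, the user names, and the function names `find_users_vulnerable`, `find_users_hardened` and `security_regression_check` are assumptions, not anything the article names.

```python
import sqlite3

# Constructed sample data for the example (not from the article).
SAMPLE_USERS = [("alice",), ("bob",), ("carol",)]

# Classic injection payload: closes the quoted literal and appends a
# tautology so the WHERE clause matches every row.
INJECTION_PAYLOAD = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?)", SAMPLE_USERS)
    return conn


def find_users_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    """The 'before' code: attacker-controlled text is spliced into the SQL.

    With name = "x' OR '1'='1" the statement becomes
    SELECT name FROM users WHERE name = 'x' OR '1'='1'
    and returns the whole table.
    """
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_users_hardened(conn: sqlite3.Connection, name: str) -> list[str]:
    """The 'after' code: a parameterised query keeps data out of the SQL grammar.

    The driver binds `name` as a value, so quotes in it are just characters
    and the same payload matches no row.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def security_regression_check() -> dict[str, object]:
    """The gate a SecDLC adds to CI: prove the hardened path resists the payload.

    Returns a small report rather than printing, so a test runner can assert
    on it. `build_passes` is the pass/fail bit the pipeline would act on.
    """
    conn = make_db()
    vulnerable_rows = find_users_vulnerable(conn, INJECTION_PAYLOAD)
    hardened_rows = find_users_hardened(conn, INJECTION_PAYLOAD)
    legitimate_rows = find_users_hardened(conn, "alice")
    return {
        "vulnerable_leaked_rows": len(vulnerable_rows),   # 3: the whole table
        "hardened_leaked_rows": len(hardened_rows),       # 0: payload is inert
        "hardened_still_works": legitimate_rows == ["alice"],
        "build_passes": len(hardened_rows) == 0 and legitimate_rows == ["alice"],
    }


if __name__ == "__main__":
    report = security_regression_check()
    for key, value in report.items():
        print(f"{key}: {value}")
    raise SystemExit(0 if report["build_passes"] else 1)
```

The non-zero exit status is what turns this from a demo into a lifecycle control: wired into the pipeline, it blocks the merge at the coding stage, which is where the cost figures quoted above say a defect is cheapest to fix.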

For true defense in depth, security must be built into the applications and products themselves by applying Secure Development Lifecycle (SecDLC) concepts at every stage, not bolted on at the perimeter afterwards.