Security should be at the forefront of minds when developing Enterprise-grade solutions, however, it rarely is. Black Marble’s Application Lifecycle Consultants are also skilled in implementing Microsoft's Security Development Lifecycle (SDL) into your development process to improve quality, reliability and long-term maintainability.
The SDL helps you build software that’s more secure by reducing the number and severity of vulnerabilities in your code, as well as helping your organisation comply with a variety of regulations and compliance issues.
The software that your organisation develops might need to comply with a variety of complex, ever-changing regulations. Incorporating SDL into your application development process helps your organisation meet many of the most current compliance requirements more efficiently.
The SDL is a software development security assurance process consisting of security practices grouped by seven phases of the traditional software development life cycle. The SDL process can be applied to different operating systems, platforms, development methodologies, and to projects of any size.
If your organisation builds software with one or more of the following characteristics, you should consider adopting the SDL:
- The software will be deployed in a business or enterprise environment
- The software must meet regulatory requirements for how data is transmitted, stored, and displayed
- The software communicates regularly over the Internet or other networks.
A secure development cycle is not a single product, it is the way the tools a team uses are applied to mitigate security issue. This obviously includes coding practices, code reviews and build process, but also it must include on going education of the whole development team to make them aware of the potential problems.
Black Marble can assist your team reviewing your current development process and putting a place a plan to improve the security of the code your team produces. This engagement will be delivered as a series of workshop and training sessions, the deliverable will be a report and a sample implementation of the type of tools that can be used to monitor your SDL efforts.