Changing the SDLC to Produce Secure Applications

One of the hot topics in software development right now is “DevSecOps”, which stands for “development, security, and operations” and, loosely defined, means “producing secure applications through a continuous, integrated, automated build process”. It is often mentioned in conjunction with an organization’s goal to “move security left” in the development process, that is, to address security issues early in the project plan.

The focus of this article is strictly on the security aspects of DevSecOps. Specifically, we will elaborate on activities that can and should be integrated into the Software Development Lifecycle (SDLC) to produce secure applications.