Let’s assume you have decided to implement secure coding practices using an SSDLC, as discussed in my last article – let’s talk about how to go about implementing it. Changing your development practices is going to cost you time and money.
Even in the most enlightened and supportive organization, you will face challenges in introducing and sustaining the SSDLC in the face of ever-shifting priorities and pressures.
Here are some challenges you’re likely to face:
You may work in an organization that already understands that security investment is important. Maybe key customers are already making inquiries. If not, you are going to need to convince the business that an investment in security is in their best interest, because it will have a cost.