Be the first to like this
According to a study made by Microsoft Security Intelligence Report, application vulnerability are reported as much as 4 times more often than browser or operating system vulnerabilities combined. This growing danger needs to be approached from two different, yet complementary perspectives:
1. Companies should first start to acknowledge the importance of software application risk management and then implement security objectives and measures into the SDLC. The question here is how should they do this? What are the best practices and what are the general compliance requirements and regulations?
2. Handling software security in applications should be done after compliance rules. However, despite the existence of some authorities and regulations in this field, the general compliance requirements are still insufficiently detailed and are subject to change and improvement.
Since companies should follow the existent compliance requirements, but the latter seem to lack a coherent and explanatory guidance, the question of aligning application security to compliance requirements becomes a great challenge.
Why aren't companies paying enough attention to application risks and its security? Why is the latter so difficult to implement? What are the best practices than can be approached to do it, while still following the general regulations?
The following white paper extensively treats these questions and proposes to analyze the following:
1. How to align software development processes with corporate policies.
2. How to align software development activities with compliance requirements.
3. How to define an action plan to identify and remediate gaps between current and best practices.