You may (and if you're not a security professional, you may not) have heard about a term called "Security Development Lifecycle" or SDL. This term and it's vision was pioneered by Microsoft over a decade ago as they sought a way to handle the deluge of software security problems that was beginning to ruin their reputation and threaten the success of their business. Since Microsoft began to use the SDL, their reputation as a company that develops software that's not just functional, but also very secure has grown greatly.
But what is this thing called the SDL? Is it compliance, policy, or legal audits? Nope, it's not that, but it's simple!
Whenever and wherever you have an established framework that ensures that security is part of your entire software development process, you have a Security Development Lifecycle, and have most likely saved yourself lots of money down the line.
Here's something to keep in mind though... the software security development lifecycle that you use, should be tailored to your company stage, size, and of course your business and your product(s).
In future posts, we'll describe different types of SDL approaches.