Secure Software Development Life Cycle (SSDLC)
The Secure Software Development Life Cycle (SSDLC) is a method of system development that incorporates security controls in every phase of the system’s lifecycle.
- contrasts with traditional SDLCs that focus on collecting and implementing functional (user) requirements
- produce software that works well but is not necessarily secure
- continuous process that parallels typical SDLC practices
- Each stage includes requirements to ensure that security is continuously monitored and improved
- focuses on integrating security from the very beginning
- shift left
- helps to ensure that software is both functional and secure
- Rather than treating security as a final step or post-deployment concern,
- distribute controls from requirements gathering through maintenance
- goal is to prevent vulnerabilities from forming, not just detect them after the fact