SDLC has evolved from the decade-old definition by Microsoft through the Agile transformation, and is finally trying to catch up with cloud development velocity. While the process is well understood in the industry, the execution varies a lot. How many times have we discovered a feature with security impact only as it is being shipped, or when a customer raises a concern that is escalated to the security team, or, in the worst-case scenario, when there is a security incident? We end up asking how this feature shipped in the security team's blind spot.
Organizations have tried to solve this problem by adding more people to SDLC teams, adding Security Champions/Advocates in development orgs, and adding lengthy questionnaires which developers love to ignore....
By: Mrityunjay Gautam, Pavan Kolachoor
Full Abstract and Presentation Materials: [ Link ]