Software Integrity Blog

Building security into the SDLC without impacting velocity

Building security into the software development life cycle (SDLC) has become common practice in many organizations. Security activities reduce security risk and implement compliance-driven requirements within the software, but they also cost time and effort. Development teams are feature- and delivery-driven, so anything that demands additional time and effort makes security activities a low priority, if they are considered at all, for many developers. This is why minimizing the impact of security activities on delivery velocity is a key issue an organization must address when implementing a secure SDLC.

Maintain velocity during development

Each security activity requires skilled people, training, a goal-oriented process, tools and support. It is important to assess the readiness of an activity before rolling it out to the development team. Performing these activities effectively and efficiently minimizes their impact on development velocity. On the other hand, an ill-planned security activity can slip the project schedule or even disrupt the development process.

The following strategic approaches can improve the effectiveness and efficiency of security activities, minimizing impact on the velocity of development.

Conclusions

Building security activities into an SDLC is a complex undertaking. A well-planned and properly supported set of security best practices can reduce security risk and implement compliance-driven requirements within the software. Proper training, automation, developer tooling, standardization and support are the key ways to perform these activities effectively and to reduce their impact on development velocity throughout the SDLC.