As software becomes more complex, it is critical to incorporate security from the very inception of the system rather than as an afterthought. With rapid shifts in technology and increasingly sophisticated threats, cybersecurity considerations are a critical factor, especially for systems that rely on decades-old software applications still operational because of their mission criticality. These highly complex systems, with millions of lines of software code, become progressively more difficult to maintain over time due to software and hardware security obsolescence. An argument in favor of software assurance comes from the DoD Developer’s Guidebook for Software Assurance, which cites a Software Engineering Institute (SEI) report estimating that 90 percent of incidents stem from defective software.
Incorporating security control measures early in the software development process yields benefits in cost savings and manpower utilization throughout lifecycle management, thus increasing the reliability and maintainability of the software. This article reiterates commonly observed best practices that can help enhance any organization’s software security practices, whether it uses traditional, agile or development operations (DevOps) methods for new code or integration.
CAC/PIV holders can watch or download the podcast here: