Mitigating software security risk under time and budget constraints through the use of Secure Development Lifecycle (SDL).
As a programmer you will be involved in risk management, which includes evaluation and mitigation. How do you feel time constraints and budget would impact your ability to determine which mitigation method to select? Is there a specific methodology you feel warrants more consideration than others?
Pictured, is a the project management triangle; it’s a representation of a project’s quality based on three competing variables: time, cost, and scope (Long, 2020). In software development, security features factors in to the quality of an application because it belongs to the variable of scope, which is related to the functions and features of an application (better known deiverables). Software security falls under the umbrella of cybersecurity , which is concerned with the confidentiality, integrity, and availability of information (this is known as the CIA triad of information security).
In an application, if any of the resources, such as the code or the data, is compromised, then it poses a risk to its users as the application becomes unreliable or even worse, harmful. This is why software deveopers must use a variety of risk mitigation techniques to ensure that final product is as secure as possible given the scope of the project, the budget they’ve received, and withitn the time-frame they’ve been given.
In regards to the prompt’s second question, whether there’s a specific methodology that warrants more consideration than others, this may sound cliché, but it all depends on the skills and experience of the programmer or software development team, and the resources they are provided with. However, based on my research and experience, software development teams that have adopted a secure development life cycle (SDL) approach to application security fair better than ones that do not (Positive technologies, 2020). The are many SDL methodologies that exist created by a variety of organziatons, such as Microsoft and OWASP SDLs. Discussion on the the various SDL methodologies are beyond the scope of this article if you'd like to find out more regarding them, a good place to start is on this article by Positive Technologies: How to approach secure software development.
If the prompts’s second question is referring to not actual methodologiess, but instead the three variables competing within the project management triangle, my answer, then, is time. It’s the only variable on the tirangle that everyone has equal amounts of, yet the value of each person’s time varies based on the ability to save the time of others by accelerating the pace at which something demanded is provided.
References:
Long, M.R. (2020, June 2019). The 7 Best Project Management Tips for Beginners. From URL https://www.fool.com/the-blueprint/project-management-tips/
Postive Technologies. (2020, February 20). How to approach secure software development. Retrieved from URL https://www.ptsecurity.com/ww-en/analytics/knowledge-base/how-to-approach-secure-software-development/