Updated: Feb 11
Software development is often an unguided missile. Coding standards are seldom in place, and developers decide for themselves which framework and libraries they use to implement their applications.
However, several excellent guidelines are available that clearly describe the measures required to integrate security into every step of software development. Personally speaking, I recommend the BSIMM guideline because it comes with a maturity model and provides excellent benchmark metrics.
The table below contains a tailored, secure software development process according to BSIMM.
In this example, the company decided to reach a higher maturity level in the implementation and test phases, while a lower maturity level is sufficient for the analysis and design phases.
More than 75 companies around the world use BSIMM, and they regularly provide their benchmark metrics. In the finance sector, the maturity level lies between 1.8 and 2.8. Businesses that decide to adopt BSIMM can therefore easily compare their current maturity with that of their competitors.
Regulatory authorities such as MAS also already have policies in place which specify that certain secure software development tasks, such as code review and security testing, have to be conducted before production.
So keep up the good work and integrate security aspects into your software development chain.