← Cybersecurity Alphabet Soup

SSDLC

Secure Software Development Life Cycle

appsecmedium

An SSDLC weaves security activities into every phase of software development: threat modeling during design, secure coding standards during implementation, security testing before release, and monitoring in production. The goal is to catch flaws early, when they are cheapest to fix, instead of bolting security on at the end. Frameworks like NIST's SSDF describe what a good SSDLC should include.

Sources

More in appsec