Security Driven Life Cycle Model, Essay Example

As per a survey that was conducted by Software Productivity Research in 2009, inadequate software development leading to bad quality costs above $500 billion per year on a global level (Dave, 2011). Application is a core component of a computer that operates on an application layer of the Open System Interconnection (OSI) model. Everyone interacts with the application and not the hardware, if software quality is not present, Users will become reluctant to use it again. For instance, vulnerability is reported that may impose risks, bugs and errors, incompatibility issues etc. moreover, a news report of a new threat targeting user information may become a great challenge for organizations to sustain their business and customers. However, these news reports may lead to programming flaws and bad quality that may result in massive business losses. For a core banking application, errors, bugs or inadequate security measures cannot be ignored, as a single vulnerability may lead to a major threat for business. For this reason, integrating security in product lifecycle is the most important factor. As mentioned earlier, security breaches are now making headlines, as dependency on applications, mobile applications and online applications has sky rocketed. Users are now making complex online transactions from their cell phones and websites resulting in a rise of application threats. Consequently, there is a requirement of addressing security issues in an application to a relatively high degree. Moreover, many organizations purchase applications from the vendor that all imposes inherent risks that are not known by that time. A recommended solution for addressing application security must be conducted during the feasibility study. Integration of security controls followed with a secure application development approach will ensure quality and security of an application. Furthermore, deciding recommended security controls in a feasibility study will justify the cost of implementing and integrating them within the application. Traditionally, organizations are not addressing application security during the software development life cycle. They conduct security audits by auditors with specialized tools (Edwards, 2006) and with partial resources, at the end of a finished product making the security isolated. If any issue arises during the security audit in end stages of a software development lifecycle, it is more time consuming and expensive to address. Moreover, security auditors have their own criterion that is their primary objective. For instance, analyzing all risks are addressed or not, level of compliance by classifying vulnerabilities and controls for mitigating threats. All these issues are addressed before an official release of an application. Similarly, the development team has to ensure timely and cost effective development of the software modules and to make their name in the market first (Dave, 2011). Likewise, the audit report with a list of security vulnerabilities is submitted to the application development team for making any suitable changes (Dave, 2011). However, the report does not include any method or a hint of where these vulnerabilities exist. Developers on the other hand, launch the product as per schedule and therefore, security issues were not addressed. However, the best solution of addressing application security is in the software development life cycle, so that developers can rectify and remediate any security vulnerabilities through this process, as afterwards there is no time and the product launches without addressing security vulnerabilities that may result in major threats to organizations afterwards.

References

Dave, R. (2011). Best practices for tackling security early in development. Electronics World, 117(1908), 10-11.

Edwards, M. J. (2006). Audit your web applications for better security. Windows IT Security, 6(6), 6-10.