- Existing development process does not consider security well enough
- Costs or delays due to security work are excessive. The security work is bottleneck in the development process
- Security related decisions are made ad-hoc, or are not documented for later reference
- Archiving a required security compliance needs separate actions beyond the secure development work done
- Development needs to systematically address technical GDPR requirements
- Security is seen as something pointless, bureaucratic, and not concerning the development
Secure Development Life Cycle (SDLC) coaching
The Secure Development Life Cycle (SDLC) coaching service is targeted to those organizations, who wish to thoroughly improve their own development process in order to fulfill their most security needs independently. The service is a set of steps to improve the security of a product by improving the process for creating a secure product. The process improvement aims at having efficient development process producing predictable and documented security.
Use cases
Value Proposition
- Security decisions are done and documented, supporting maintenance and security compliance
- The security work is done efficiently and aligned with development schedules
- Security work is visible, and the effort used can be measured
- Developers can use proper amount of time for security and are able to handle majority of the security work independently
- During the software maintenance 3rd party components are monitored for vulnerabilities
- Security work is meaningful and motivating for everyone involved
Lauri Paatero
Security Architect