Many organizations are only now becoming aware of the need to incorporate security into their software development lifecycle. Raising awareness of common pitfalls is the first step to avoid falling prey to them, but awareness by itself is insufficient. Understanding security is one thing; applying that understanding in a complete and consistent fashion to meet security goals is quite another.
This paper explains why some commonly used approaches to security typically fail and outlines a development strategy for getting security right.
Gain a better understanding of: