“Fixing an Insecure Software Life Cycle”, a book by April C. Wright (me) published by O’Reilly Media

Practical techniques for building security into existing software development

Book Title: “Fixing an Insecure Software Life Cycle”

OReilly Fixing an Insecure Software Lifecycle book cover authored by April C. Wright
“Fixing an Insecure Software Lifecycle” book cover

Authored by April C. Wright

Released May 2018

Publisher(s): O’Reilly Media, Inc.

ISBN: 9781492028215

Read Online via Safari Books Online: https://www.oreilly.com/library/view/fixing-an-insecure/9781492028222/

Book Description

In the race to remain competitive, development teams in many companies are under tremendous pressure to create software on tight deadlines. And in most cases, that means dealing with security bugs only after software is released. But offensive testing and incident response are poor substitutes for good code, strong architecture, and threat-based design.

In this ebook, April C. Wright—security risk and compliance program advisor for a Fortune 15 company—teaches InfoSec professionals how to promote security as an integral part of an organization’s software development life cycle (SDLC). You’ll learn how to analyze existing development processes, gain insight into how developers and other stakeholders view software development, receive practical advice for including secure practices throughout the lifecycle, and learn how to track performance and success of your program.

  • Get guidelines for evaluating your SDLC and rebuilding your development program
  • Understand how developers, project managers, business execs, customers, and other key stakeholders each approach software development
  • Gain active stakeholder participation and management support for SDLC security improvements
  • Work directly with stakeholders to explain secure development, and push for change through policy and compliance
  • Increase software security awareness by integrating development teams with security teams
  • Get started through sample checklists and planning documents