
Are SDL(C) programs too complex?

2011-07-22 15:55

While all experts understand the need for Secure Development Lifecycle solutions, their adoption is still small given the number of places where code is being written. Ideally, SDL education would come before any student writes or designs their first line of code. Unfortunately, this is a model solution that we will have to wait a long time for. On the other hand, when we talk about SDL with customers, we often hear that it is too complicated and expensive to implement.

Other players in the SDL field see similar, if not the same, problems. For example, earlier this year Microsoft released a document entitled "Simplified Implementation of the Microsoft SDL." This is a very good publication, but again it is appreciated largely by people who already understand the need for SDL, even if they do not yet know that this is its proper name. To implement SDL successfully, top management has to participate. Unfortunately, this document will not convince them: even though it describes SDL from a simplified point of view, it still takes 17 pages where it should take no more than one.

For all those who have this problem and are looking for a solution, here is the really simplified definition of SDL for top management:

  • SDL is not complicated to implement
  • SDL generates real ROI
  • SDL does not have to be expensive to implement
  • SDL is cheaper than the loss of reputation