Security in the Software Life Cycle Essay Example | Topics and Well Written Essays - 750 words

Security in the Software Life Cycle - Essay Example As mentioned earlier there are several phases of SDLC, the first phase has been the Initiation phase. The five security controls that are required in the Initiation phase are: The software is meant for serving the purpose of the client and hence from a developer point of view, it must be ensured that business or client functionality requirements have been fulfilled. Hence in the initiation phase, we begin with the requirement document. It's about engaging the business partner in assessing the security aspects and risk associated and at the same time what could be done so that the protection needs of the software can be covered. The business in most of the cases wouldn't be aware of technical aspects of SDLC and integration of security in it. Hence a set of questionnaires are developed with the sole purpose being the transfer of security related technical issues of the software to the client while keeping things in the language of the business partner. The simpler language would enable developers in unraveling the security requirements of the proposed software. Software development in modern times is a combination of phases based on established norms. The concepts of software engineering as well testing is very useful when policies and standards are taken into consideration. Requirement specification document must include the development model preferred like the waterfall model, liner model or spiral model etc. Use of automated audit history would also help to manage the required changes as well analysis of the current stage of the development of the software. Identify Applicable Regulatory, Compliance, and Privacy Requirements: In this networked world, regulatory requirements have international implications. Service providers like www.amazon.com, www.ebay.com etc. have made their services available all across the world and hence they have to undertake both local and international considerations for regulatory, compliance and privacy requirements. In case of software for e-commerce, users are needed to provide their credit card details and the CVV number. Now, in this case, the website would need SSL certificate from VeriSign. Hence identification of the applicable regulatory, compliance and privacy requirements become a necessity so that software's portability could be without any physical and logical boundary.