Software lifecycle: App security still struggling to find a fit
This article is part of the April 2013, Volume 1, Number 2 issue of Business Information
Jennifer Lent

I was shocked the first time I heard the words "security" and "software lifecycle" used in the same sentence. Wasn't security something that happened after the development process, not during it? My understanding of what security entailed changed forever 10 years ago, when, as a reporter covering software development, I was assigned the brand-new application security beat.

And what a great beat it was. Venture capital firms were investing serious money in security startups such as Fortify Software. Along with SPI Dynamics and Watchfire, among others, Fortify advanced an idea most software professionals hadn't heard before: Instead of waiting for the security team to erect a fortress around Web applications and data, developers and testers could rely on tools -- source code analyzers and dynamic pen testers -- to help create code that was inherently harder to attack. Surely this new approach of building security into the software lifecycle could help stem the tide of high-profile data thefts that kept making ...