PRO+ Premium Content/Business Information

Thank you for joining!
Access your Pro+ Content below.
April 2013, Volume 1, Number 2

Software lifecycle: App security still struggling to find a fit

I was shocked the first time I heard the words "security" and "software lifecycle" used in the same sentence. Wasn't security something that happened after the development process, not during it? My understanding of what security entailed changed forever 10 years ago, when, as a reporter covering software development, I was assigned the brand-new application security beat. Jennifer Lent And what a great beat it was. Venture capital firms were investing serious money in security startups such as Fortify Software. Along with SPI Dynamics and Watchfire, among others, Fortify advanced an idea most software professionals hadn't heard before: Instead of waiting for the security team to erect a fortress around Web applications and data, developers and testers could rely on tools -- source code analyzers and dynamic pen testers -- to help create code that was inherently harder to attack. Surely this new approach of building security into the software lifecycle could help stem the tide of high-profile data thefts that kept making ...

Features in this issue

News in this issue

Columns in this issue