Software Engineering Institute

A growing recognition of the importance of security throughout the life cycle has led to new initiatives strengthening ties for security within the SDLC. The role of process in support of security must also be expanded across the full life cycle. Progress has been made in linking security, the SDLC, and process improvement. This article summarizes recent key accomplishments, including an industry-led initiative to harmonize security practices with CMMI, the use of assurance cases, and NIST security considerations in the SDLC.