Towards secure product development – The Secure Development Lifecycle


In an ever-changing world, where people are becoming more and more aware of cyber security, information security and data privacy, and where the threat landscape keeps changing and developing, organizations and societies demand and need increasingly high-quality and secure services and products. Information security has become one of a product’s quality factors and competitive advantages. The Secure Development Lifecycle (SDL) framework is a way to meet these requirements.

The SDL is a perspective on product development in which information security is considered at every stage of the product’s lifecycle, from definition to decommissioning. The framework thus extends the product development process with security aspects. The lifecycle can generally be divided into the following phases: definition, planning, implementation, testing, deployment, maintenance, and decommissioning.

Applying the framework improves the security and quality of the product as well as the quality of the work, and it creates conditions for the continuity of business operations. Security measures implemented afterwards are not long-lasting, comprehensive, or cost-effective solutions. Therefore, the product’s security should be seen as its primary feature and not just a secondary one.

Read the whole article here

Marjo Hanhikoski
Centria University of Applied Sciences
Project assistant

P.S. My final thesis about the ISA/IEC 62443-4-1 standard – The Secure Product Development Lifecycle will be published soon.