Securing Software Development: From SSDLC to Third-Party Risks

In this episode of 'The ITSM Practice' podcast, Luigi Ferri delves into the critical aspects of Secure Software Development Lifecycle (SSDLC), highlighting the shift from traditional SDLC to Security-by-Design. Through expert insights, the discussion covers the integration of security at every development phase, the role of third-party risk assessments, and the benefits of frameworks like NIST SSDF. The episode also emphasizes the necessity of cultural change within organizations to prioritize security in software development, offering practical advice for enhancing security postures against sophisticated threats.

In this episode, we answer to:

How critical is the importance of the Secure Software Development Lifecycle in today's tech-driven environment?

What steps can organizations take to evolve from Traditional SDLC to Security-by-Design?

How can organizations manage risks associated with third-party components in software development?

Resources Mentioned in this Episode:

Snyk, article "Secure Software Development Lifecycle (SSDLC)". link https://snyk.io/learn/secure-sdlc/

Hackerone, article "What Is the SSDLC (Secure Software Development Life Cycle)?", link https://www.hackerone.com/knowledge-center/what-ssdlc-secure-software-development-life-cycle

Synopsys, article "Secure SDLC", link https://www.synopsys.com/blogs/software-security/secure-sdlc.html

Vulcan, article "SDLC and secure coding practices: the ultimate guide for 2024", link https://vulcan.io/blog/secure-sdlc-best-practices/

Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.

Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/

Graphics by Yulia Kolodyazhnaya