Software Security Governance in the SDLC

A Practical Guide from Accenture and Ounce Labs

As the impact of insecure applications on data security becomes clearer, organizations with a strong commitment to data integrity and privacy are taking concrete, measurable steps to ensure the software systems that control data are developed securely.  In this white paper, two of the leading experts in application security present the step-by-step approach organizations must take to ensure they are meeting the new emerging standard of due care and software security governance in the software development lifecycle.

With this paper, you will understand how to:

  1. Plan for security: incorporate security from the beginning of any development project.

  2. Design for security:  ensure that the appropriate security mechanisms are included in the design to meet the articulated business requirements from the first phase.

  3. Build for security: ensure that development management and teams have the skills required to develop software securely.

  4. Deploy for security: conduct ongoing reviews to maintain the appropriate level of security in the deployed system.

This paper will examine in detail the drivers for this new form of governance and offer practical advice for introducing the right process, skills, tools, and metrics into the system to ensure appropriate governance is achieved in a cost-effective manner.

Get the details on how to ensure your software is secure.

About Ounce Labs, Inc.

Ounce Labs’ solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs’ software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Government Accountability Office, Unisys and VeriSign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.
