This document provides a guideline for Secure Software Development Life Cycle (SSDLC) to highlight the security tasks for each phase involves in the development processes. SSDLC consists of six (6) phases; there are security requirement, security design, security development, security testing, security
deployment, and security maintenance phases.
This guideline describes security information such as security tasks, which incorporate into every phase in producing secure software to ensure the confidentiality, integrity, and availability of their information systems.
The applying of security tasks into the development life cycle are become vital and needed to clarify several problems. The high costs of remediation whenever the vulnerabilities have been identified after the deployment of the software become the major problem to the organization.
As consequences, it will be related to a breach and then give effect to an organization. Therefore, the organization needs to ensure the appropriate security controls with security tasks are in place throughout the development life cycle.
The organization should plan for security to incorporate security from the beginning of any software development. The organization has assured the appropriate security tasks included in the design phase to meet the requirement phase.
The processes continue for the development of software securely and assure the security requirements have been met during implementation. The organization should conduct ongoing reviews to maintain the appropriate level of security in the deployed software.
This guideline will suggest several security tasks of controls to ensure the development of secure software from the earlier processes. Organizations can take this SSDLC guideline to use it as a blueprint to apply the security control in all phases involved in secure software development processes.