An ongoing process
For many companies, applications are not something they write once and then ignore.
Applications are often products that are continuously developed, producing a stream of new releases. For such products, risk assessment becomes an ongoing process, part of the overall product development lifecycle.
Integration of security engineering into the product lifecycle is therefore becoming increasingly important.
A Microsoft white paper, Security for Modern Engineering, describes how Microsoft have embedded security into the heart of their development process.
A key part of Microsoft’s approach is to automate vulnerability scanning through the use of tools like Fortify SCA. We shall introduce Fortify in week 2.
© University of Southampton 2017