ACS has developed a Secure Software Development Lifecycle (SSDL) Methodology; a rugged approach to the complete software development lifecycle. The SSDL works with traditional methodologies but has been designed to plug seamlessly into ACS’s Agility as a Service (AaaS) solution.
At ACS, we understand that Security cannot be ”tested into” an application or “bolted on” at the end of the software development lifecycle. Secure software activities need to be ”baked in” from the beginning and throughout the software development lifecycle.
As adversaries are targeting the Application layer, a holistic lifecycle approach to SwA must be implemented.
Traditionally, software developers have not been taught how to develop code securely and test it during build for security bugs and flaws. That is slowly starting to improve as awareness increases. However, existing developers need to be trained how to build code securely from the beginning, so that, by default, code is more secure.
ACS developers go through general SwA, as well as coding language specific (i.e. Java, .NET) training to strengthen secure development skills while maintaining knowledge currency.