Secure software development lifecycle
The last ten years of cyber security of proven that security cannot be tested in to software products. Software development and modern IT organizations are continuing to evolve their development cycle to include continuous testing and remediation of vulnerabilities, as the code is being developed. We call this Software Security Assurance.
“Joseph Fineman, Gartner
"Comprehensive software security involves a combination of people, processes, and technologies, and it almost always requires some change to the way the organization operates. As software security comes of age, using a maturity model will only help to accelerate your enterprise security initiative."”