Barriers In Adopting Secure Sdlc Process

By Author: Naveen
Total Articles: 7
Comment this article

Although, there are some barriers for enterprises who wants to adopt Secure SDLC process.

Lack of Security Knowledge: Organisations are ready to adopt this Security as a part of their development process but their people are not. They do not give any security awareness training to their developers before getting started. This turns out as a biggest hindrance in adopting the process.

Lack of Security Professionals: According to different reports, organisations are facing the biggest issue of having the skilled security resources on board. The industry overall is facing the biggest resource crunch. The lack of appropriately staffed security personnel makes adoption of secure development extremely difficult.

Organisational Barriers: For a successful secure Development process it is very important for inter-departmental teams to have a continuous collaboration about the progress of the process. However, it has been seen that most of the organisations are facing the gap of communication between their security teams.

Cost Constraints: Secure SDLC is a process that involves a lot of skilled staff ...
... expert in different domains. And because of less supply of security resources, the ones available ask for a high pay. Not all organisations are capable of hiring these highly paid staff. Organisations should focus on their budget of tool cost, effort cost and resource cost at the earlier stage; to reduce their overall after damage repair cost later.

Customers Demand: In this competitive situation, customer’s always demand for fast delivery of the product. This puts developers in immense pressure to get features out to the market as fast as possible. Because of which they have to prioritize features and functionality of the product eliminating the security part of it.
Lack of Automation Process: Organisations should remove the barrier of analytics built in process with application security automation, which will automate the process and let developers focus on high risk priorities. This will also save both time and resources by lowering the overall risk exposure.

It Operations Organisations: According to researches, It has been seen that IT operations have very less knowledge of Security in an application and they are often found to be focusing more on infrastructure. According to them Application security is a manual process of Penetration testing and is the sole responsibility of Security team.

Apart From these above mentioned barriers there are other obstacles as well in adopting Secure SDLC process like organisations mind-set, They do not want to change their way of working hence they do not feel the need of such process.
Organisations do believe and understand the need of Security in Application development process, but they are still struggling to adopt the method because of these constraints. They have to realise the fact that Secure SDLC should be implemented at the early on and making it part of the development lifecycle culture, to be successful in the long run.