I had a comment on my post "Early security engagement in projects - critical or a waste?" providing a link to a study. It asked for my thoughts on a December 2010 Aberdeen Group study titled "Security and the Software Development Lifecycle: Secure at the Source". The study's headline reads: "Top Performers Invest More Annually in Their Application Security Initiatives, but Realize a Higher Return by Identifying and Remediating More Vulnerabilities Prior to Deployment". Its key conclusion is that companies practising security at the source saw "a very strong 4.0-times return on their annual investment". I was asked, so here are my thoughts. Challenging axioms, here goes.
This is such a bad idea and will never work, and these are some of the reasons:
Written by Rakkhi Samarasekera