Creating a Virtual-First Line of Defense for Secure Software Development
Automating a software security risk assessment

Securing software slows its release and makes it harder for organisations to realise the full business benefit of the software they develop.

This quick-read book argues that the root cause of the delay lies in strategic security risk policies and the traditional three lines of defence.

Security risk policies mandate that every significant development change is security risk assessed, and they designate the “three lines of defence” to perform these assessments. While the three lines are capable of performing the assessments, they cannot keep up with the assessment workload generated by modern development methodologies.

To address the delay, the book first distinguishes between a vulnerability scan and a software security risk assessment that complies with the organisation's risk management policy.

It then provides a step-by-step guide to building a virtual first line of defence (FLD) that automates the software security risk assessment and integrates it into the development process.

The virtual FLD and the automation it enables:

  1. Ensure that all significant development changes are risk assessed, compliant and secure.
  2. Allow developers to assess their own changes rather than waiting on the security risk team.
  3. Shorten release cycles and enable organisations to realise the full business benefit of developing software.

A sample section of the book can be previewed on Google Books and Amazon; the book is available in Kindle and paperback formats.

Author: Michael Bergman