Can you imagine developing a product these days through a process that never once considers the Internet? Utility, distribution, sales, marketing, back-end, and customer support are some of the constituent parts of your new product’s development that will never even brush up against the Internet. Tough to fathom such a circumstance in today’s environment. Even a resurgent buggy whip manufacturer is likely to secure www.buggywhip.com fairly early in the thought process.
Closer to the truth is the absolute connection between your products or services and the old interwebs, and for most of you, those products or services are offered through outward-facing applications with your name and reputation attached. If the security of those applications, from development to implementation to daily interaction is paramount — and we think it should be — you should get to know the knowledgeable folks at ICS.
The DL On SDL And AppSec
In a world where acronyms roam freely and impact broadly, SDL is one worth remembering. Originally a Microsoft commitment, the Secure Development Lifecycle is a process for standardizing best practices across developed products, services, and applications. Even if it’s not familiar, the acronym flows through the bloodstream of your organization. However, while the SDL does a great job of taking security seriously and disseminating details through open source, there is no rock solid industry standard execution of SDL. The entire process still involves people, and people are often vulnerabilities clothed in hipster plaid and pocket protectors.
The ICS Of AppSec
Your organization, like all others, is people who need people. And we know the right people. In fact, we are the right people. Application Security begins before the first line of code is even written and depends on processes like vulnerability assessments and penetration testing from design to launch and beyond.
So, before you reach out to people with products and services, make sure you reach out to the right people. ICS.