Why Security is Lacking in Software Development

Posted on: 2014-12-08
Degree: M.A
Type: Thesis
University: The College of St. Scholastica
Candidate: Ableidinger, Douglas A
Full Text: PDF
GTID: 2458390008462442
Subject: Information Technology
Abstract/Summary:
Why, with so many software development methodologies, security best practices, and available research for delivering secure software, are organizations still struggling to deliver secure software applications? Injecting security into software development processes is still a problem and one that cannot be solved by developers alone. Business applications are becoming more robust and are primarily Internet facing. This is leading organizations to focus more on solving the issue of software development processes not delivering secure software. Organizations have developed sophisticated Software Development Life Cycle (SDLC) frameworks; however, these SDLC frameworks have not fully addressed software security issues. Security is lagging in software development due to a lack of leadership involvement, governance for improving the process, accountability, rewards and recognition for improving the process, and processes for educating and motivating everyone in the organization. Organizational stakeholders need to overcome an emphasis on time-to-market and ease-of-use before the injection of security into SDLC processes can advance. The main findings of this research paper indicate that effectively injecting security into SDLC processes requires leadership commitment and support for change. These issues will require organizational stakeholders and decision makers to influence the type of change required to be successful. Organizations that use the proposed model will be better prepared to tackle the difficult task of injecting security into their SDLC frameworks.
Keywords/Search Tags: Security, Software development, SDLC, Organizations