An ounce of prevention is worth a pound of cure

- Protect customers with more secure software
  - Reduce the number of vulnerabilities
  - Reduce the severity of vulnerabilities
  - Address compliance requirements
- Proactive, forward-thinking
  - Eliminate redundancies, coordinate processes
  - Improve productivity
  - Reduce cost
- NIST estimates that code fixes performed after release can result in 30 times the cost of fixes performed during the design phase
- Additional costs may include a significant loss of user productivity and confidence.
Secure by design
- Secure architecture, design, and structure
- Threat modeling and mitigation
- Elimination of vulnerabilities
- Improvements in security

Secure by default
- Least privilege
- Defense in depth
- Conservative default settings
- Avoidance of risky default changes
- Less commonly used services off by default

Secure in deployment
- Deployment guides
- Analysis and management tools
- Patch deployment tools
SDL phases
- Training
- Requirements
- Design
- Implementation
- Verification
- Release
- Response

Training
- Security training
  - Secure design
  - Threat modeling
  - Secure coding
  - Security testing
  - Privacy

Response
- Execute response plan
Requirements
- Security requirements
- Quality gates
- Bug bars
- Security and privacy risk assessment

Design
- Design requirements
- Attack surface reduction
- Threat modeling
Implementation
- Use approved tools
- Deprecate unsafe functions
- Static analysis

Verification
- Dynamic program analysis
- Fuzz testing
- Threat modeling

Release
- Incident response plan
- Final security review
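The Implementation practices listed above ("deprecate unsafe functions", "static analysis") and the Requirements-phase quality gate come together in a banned-API check: a lightweight static-analysis pass that fails the build when code calls a function the team has deprecated. The following Python scanner is an added example, not code from the original slides or from any SDL tooling. The BANNED table is a hypothetical subset chosen for illustration, not the SDL's official banned-function list, and SAMPLE_C is constructed input, not real project code.

```python
import re

# Unsafe C runtime functions mapped to the bounded replacement a reviewer would
# suggest. Hypothetical subset for illustration, not the SDL's official list.
BANNED = {
    "strcpy": "strcpy_s / strlcpy",
    "strcat": "strcat_s / strlcat",
    "sprintf": "snprintf",
    "vsprintf": "vsnprintf",
    "gets": "fgets",
}

# Block comments, line comments and string literals, matched in one pass so a
# "//" inside a string or a quote inside a comment cannot confuse the scanner.
_NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)

# A banned name followed by "(", but not as part of a longer identifier such as
# strcpy_s, fgets or my_strcpy.
_CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, BANNED)) + r")\s*\("
)


def strip_noise(src: str) -> str:
    """Blank out comments and string literals, keeping their newlines so that
    reported line numbers still match the original file."""
    return _NOISE_RE.sub(lambda m: "\n" * m.group(0).count("\n"), src)


def find_banned_calls(src: str) -> list:
    """Return (line_number, function, suggested_replacement) for every call to a
    function in BANNED found in the C source text."""
    findings = []
    for lineno, line in enumerate(strip_noise(src).splitlines(), start=1):
        for m in _CALL_RE.finditer(line):
            findings.append((lineno, m.group(1), BANNED[m.group(1)]))
    return findings


def passes_quality_gate(src: str) -> bool:
    """Quality gate: a file containing any banned call does not pass."""
    return not find_banned_calls(src)


# Constructed sample C source (not from any real project). It mixes real
# violations with look-alikes the scanner must not report.
SAMPLE_C = r'''#include <string.h>
#include <stdio.h>

void copy_name(char *dst, const char *src) {
    strcpy(dst, src);             /* unbounded copy: flagged */
    snprintf(dst, 64, "%s", src); /* bounded: not flagged */
}

int read_line(char *buf) {
    // gets(buf);   commented out, so not flagged
    return fgets(buf, 64, stdin) != NULL;
}

void log_user(char *out, const char *user) {
    sprintf(out, "user=%s", user);
    strcpy_s(out, 64, user);      /* the _s variant is not banned */
}
'''

if __name__ == "__main__":
    for lineno, fn, fix in find_banned_calls(SAMPLE_C):
        print(f"line {lineno}: banned call {fn}() -> use {fix}")
    print("gate passed" if passes_quality_gate(SAMPLE_C) else "gate FAILED")
```

Run against SAMPLE_C the scanner reports only the strcpy on line 5 and the sprintf on line 15; the snprintf, fgets, strcpy_s and commented-out gets are left alone because the scan works on identifier boundaries after comments and string literals have been blanked out. Wiring passes_quality_gate into a pre-commit hook or CI job is what turns the "deprecate unsafe functions" bullet into an enforced gate rather than a guideline.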
Release (optional)
- Manual code review
- Penetration testing
- Vulnerability analysis