A company is introducing a new policy which mandates the inclusion of security measures throughout their software development process. To align with best practices, when should the development team perform security risk assessments?
Security risk assessments should be performed during the requirements gathering phase of the Software Development Lifecycle. This allows the development team to identify potential security requirements early on and integrate necessary security controls in the design of the software, rather than retrofitting them at a later stage, which is often less effective and more costly. Integrating security in the early stages, known as 'shifting left', is considered a best practice for developing secure software. The other options are stages where security assurances can continue to be applied and validated, but the initial risk assessment's integration point is fundamental during requirements gathering.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What do you mean by 'shifting left' in software development?
Open an interactive chat with Bash
What are some key security measures to include during the requirements gathering phase?
Open an interactive chat with Bash
Why is it less effective to perform security measures after deployment?