This topic is very pertinent. I agree that the lack of attention paid to
security in many development projects stems from an inability to track
security requirements in the software development life cycle. By
addressing security requirements in a use case model, I believe that
traceability can

When I coach teams on security in the SDLC, I ask them to first see
what mileage they can get out of existing artifacts, like Use Cases,
User Stories, and so on. While these artifacts and processes were not
typically designed with security in mind, there is generally a lot of
underutilized

Gunnar, All, (long, I apologize)
As I sat down to write (the fairly languished) Enterprise Security
Architecture book I realized that process tie-in was essential. I realized
that hope of configuring your containers, let alone developing a secure
application, was lost unless the security goals were