SDL problem prediction

0x00 Preface

This is a record of questions that may come up regarding SDL. Much of the content will not be published directly, and you will need to explore it yourself. If you have questions, you can also leave a message.

0x01 Problems

1. What does SDL stand for in English?

Software Development Life Cycle. Some call it SDLC and some call it SDL; they are actually the same thing.

2. What is SDL?

It refers to the life cycle of software, from its creation to its death.

3. The main purpose of SDL

  • Shift security left
  • Security for everyone
  • Secure by default
  • Overall security operations

4. SDL main activity cycle and description

  • Training
  • Security requirements
  • Secure design
  • Implementation
  • Verification
  • Release
  • Response
  • Offline (retirement)

The above is a cyclical process, and the specific content of each activity requires separate consideration.

5. Disadvantages of SDL

  • Large and too heavyweight
  • More security resources need to be invested

6. Challenges faced

  • Lack of automation tools
  • Communication problems
  • Threat modeling issues, reuse, and implementation

0x02 Thinking

If the company does not adopt the DevOps model, or adopts only a semi-DevOps model, it can still build on SDL and combine a semi-SDL process with a semi-DevSecOps process. The advantage is that the SDL part proceeds normally while part of the DevOps process is also satisfied.

  • Complete tool chain
  • Embedding in testing
  • Embedding in development
  • Process specifications

Origin blog.csdn.net/qq_36869808/article/details/129986660