Overview
Explore a comprehensive conference talk on implementing the Systems Development Life Cycle (SDLC) and improving software development practices. Gain insights from Sarah Clarke's presentation at Notacon 11, covering topics such as defining good software, analyzing the Toyota case study, understanding bug impact, and overcoming challenges in software development. Learn strategies for gaining organizational buy-in, including senior management support and customer-driven security requirements. Dive into the fundamentals of secure development, including security awareness, threat modeling, secure architecture, peer review, static code analysis, and dynamic security testing. Discover best practices for pre- and post-deployment phases to enhance overall software quality and security.
Syllabus
Intro
whoami
What is Good Software
Toyota: Case Study in Bad Software
Bug Impact
Why Bad Software?
Getting Everyone On Board
Senior Management
Yay! Customers Require Security
Systems Development Life Cycle
Pizza Riot
Fundamentals of Secure Development
Security Awareness
Threat Modeling and Secure Architecture
Peer Review and Static Code Analysis
Dynamic Security and Functional Testing
Pre/Post deployment
Any Questions?