Dow A. Williamson CISSP, CSSLP; SCIPP International, Executive Director
From "start-up" through "acquisition & development", "implementation", and "operations & maintenance" to "decommissioning", it's far too easy to lay the responsibility for the secure software life cycle at the feet of the application developers. What about all the other professionals involved in the software development life cycle (SDLC)?

Question: What responsibility do the application owners, procurement officers, business unit heads, delivery personnel, senior managers, business analysts, quality assurance managers, program managers, technical architects, security specialists, and IT managers have with respect to the SDLC?

Answer: They all have either a legal or fiduciary responsibility to be aware of basic secure coding principles. Don't be the one who is "made an example out of" when an application development project goes awry!