
How a Secure Software Development Model Can Minimize Your Cybersecurity Risk

July 23, 2021 Risk Assurance & Advisory, IT Risk Advisory

In this installment of our cyber safety series, learn how implementing a secure software development process can minimize your risk for software breaches.

Exploiting software vulnerabilities is one of the most common causes of cybersecurity breaches. These vulnerabilities are flaws in application code that, if identified by “bad actors” or cyber criminals, can be exploited to compromise a secure network. Some of the largest security breaches in recent memory, such as the 2017 Equifax data breach, 2019 Capital One breach and the 2013 Yahoo data breach, were due at least in part to software vulnerabilities.

Despite the prevalence of software vulnerability exploits, security vulnerabilities are often an afterthought in software development, as software engineers are primarily focused on developing applications that meet user functionality and performance requirements. Traditionally, security is considered in the late phases of software development, namely testing and implementation. However, testing is usually focused on identifying bugs that impact application functionality, and vulnerabilities identified in the later stages usually require significantly more time and resources to resolve.

What is Secure Software Development?

The general idea of a secure software development life cycle (SDLC) is to move security to the earliest phases of software development, also referred to as shifting security left, and to integrate security into every phase of the development process. There are several secure SDLC models aimed at addressing cybersecurity risks in software development. Some of the more well-known ones include Microsoft’s Secure Development Lifecycle Practices and NIST’s Secure Software Development Framework.

Moving security to the early phases of your SDLC process and integrating it throughout all phases allows your organization not only to identify and address security issues before writing the first line of code, but also to identify and address unexpected issues sooner in the process. Identifying security vulnerabilities early also significantly reduces the cost and effort required to address them, compared with tackling them at a later stage. In fact, according to IBM’s System Science Institute, the cost of addressing vulnerabilities identified during the testing and maintenance phases is 15 and 100 times more expensive, respectively, than if they were identified during the design phase.

How to Adopt a Secure Software Development Model

Adopting a secure software development model will help your organization reduce vulnerabilities in released software and minimize the impact of exploited vulnerabilities. Below are some steps to take to move to a secure development process.

Establish Organizational Level Security Requirements

Define policies specifying the software development security requirements, including secure coding practices, software architecture requirements and securing the development infrastructure.

Educate Your Development Team

Educate your developers on secure coding practices, frameworks and the use of security-focused development tools.

Consider Security at Every Phase

Integrate security considerations throughout your existing SDLC process. Some examples of integrating security into SDLC include:

  • Defining security requirements as part of your functional requirements gathering phase; requirements may include internal policies and applicable laws and regulations.
  • Considering security requirements during application design. Consider security risks associated with key aspects of the application, such as the types of data the application will have access to, third party integrations, and the development technologies and underlying platforms to be used.
  • Considering security when building test cases. In addition to testing the functional security features built into the application, you should also leverage testing tools such as fuzz and dynamic vulnerability testing to identify security vulnerabilities.
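As an added illustration of the last point (example code, not from the article), here is what a security-focused test suite for a hypothetical upload-filename sanitizer might look like: one functional case, a handful of targeted abuse cases derived from the design-phase security requirement, and a small seeded fuzz loop that treats anything other than an explicit rejection as a finding to fix before release. The sanitizer, its requirement and the sample inputs are all constructed for this example.

```python
import random
import string

MAX_NAME_LEN = 64
ALLOWED = set(string.ascii_letters + string.digits + "._-")


def sanitize_filename(name: str) -> str:
    """Hypothetical upload-filename sanitizer (constructed for this example).
    Design-phase security requirement: the result must be a single path
    component, non-empty, at most MAX_NAME_LEN long, built only from ALLOWED."""
    if not isinstance(name, str):
        raise ValueError("name must be a string")
    # Keep only the last path component so '../' and absolute paths collapse.
    base = name.replace("\\", "/").split("/")[-1]
    cleaned = "".join(ch for ch in base if ch in ALLOWED)
    cleaned = cleaned.lstrip(".")  # no hidden names and no '..'
    if not cleaned:
        raise ValueError("empty filename after sanitizing")
    return cleaned[:MAX_NAME_LEN]


def is_safe_output(out: str) -> bool:
    """The security property every accepted output must satisfy."""
    return (0 < len(out) <= MAX_NAME_LEN
            and all(ch in ALLOWED for ch in out)
            and not out.startswith("."))


def run_security_tests(iterations: int = 2000) -> dict:
    """Functional check + abuse cases + fuzz loop; returns a summary dict."""
    results = {"functional": sanitize_filename("report-2021.pdf") == "report-2021.pdf"}
    # Constructed abuse inputs: traversal, absolute path, hidden file,
    # oversize input, embedded NUL, shell metacharacters.
    abuse_cases = ["../../secret.txt", "..\\..\\win.ini", "/tmp/x",
                   ".hidden", "a" * 1000, "file\x00.txt", "name;with|meta&chars"]
    results["abuse_ok"] = all(is_safe_output(sanitize_filename(c)) for c in abuse_cases)
    rng = random.Random(2021)  # seeded so the fuzz run is reproducible
    alphabet = string.printable + "\x00\u00e9"
    findings = 0
    for _ in range(iterations):
        candidate = "".join(rng.choice(alphabet) for _ in range(rng.randint(0, 200)))
        try:
            if not is_safe_output(sanitize_filename(candidate)):
                findings += 1  # accepted output violates the requirement
        except ValueError:
            pass  # explicit rejection is the intended behaviour
        except Exception:
            findings += 1  # any other exception is a crash to investigate
    results["fuzz_findings"] = findings
    return results
```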

With cyber criminals aggressively seeking out software vulnerabilities to exploit, we can expect to see more breaches in the future. Implementing a secure software development model will bring security to the forefront of your development process and minimize the chances that vulnerabilities in your software will be the cause of the next major breach.
