Skip to Main Content
As software security has increasingly become an important part of information security programs, there have been some notable trends and successes of various tools, processes, and models. Because "building security in" is so different from how enterprise software has historically been developed, the changes might seem revolutionary. In the enterprise, revolutionary changes involve cost and complexity, as organizations figure out how to incorporate new techniques, processes, and technology. The paper shows an informal list that doesn't say, "simply reboot your entire enterprise software development and you are ready to begin secure coding." Instead, it describes how people with limited budgets and/or authority can make potentially big changes in their enterprise software's overall security. 10 low or no-cost ideas were discussed in this paper.