Advisory Technology Client Story

Secure SDLC Gap Analysis and Security Roadmap Development

An award-winning publisher of video games trusted Security Compass to perform a secure software development life cycle (SDLC) gap analysis across their organization and sought our guidance on what to include in their company’s security roadmap.

Global
Technology, Entertainment, Gaming

Practice Areas
  • Software Development Life Cycle (SDLC) Gap Analysis and Best Practices
  • Secure Development Standards


Our Client’s Challenge:

  • Because our Client’s security program lacked maturity, there were no processes, policies or guidelines to help drive a secure software development life cycle (SDLC) framework.
  • Understanding that identifying security requirements early on in the SDLC could help save money in the long run, our Client sought assistance from Security Compass to help set up the initial framework for developing code securely, particularly as it related to developing video games.
  • The lack of any secure SDLC framework within the organization made it a challenge to identify where to start implementing tactical items along existing SDLC processes.
  • In addition, 50% of existing software used by our Client was developed by third-party vendors; those risks also needed to be managed.

Our Approach:

  • Security Compass helped our Client gain clarity with security requirements by helping develop a framework around their SDLC, including recommendations regarding where SD Elements, a security requirements tool, should be integrated. Our approach was first to perform a secure SDLC gap assessment to identify where improvements could be prioritized in the context of our Client’s existing business.
  • This involved understanding our Client’s current state of security and priorities, and identifying proactive security activities that could be accomplished within a defined roadmap. The secure SDLC gap assessment helped our Client prioritize security processes to be implemented and managed, taking into account a small security team.

The Result:

  • Security Compass enabled our Client to establish a secure SDLC framework and roadmap to improve their overall software security posture. We identified short- and long-term secure SDLC activities that could be easily leveraged given a small team, without disruption to normal business processes.
  • Security Compass helped implement a secure SDLC dashboard in our Client’s application lifecycle management (ALM) tool that would display at a glance the status, bottlenecks and owners of all SDLC activities across development projects, irrespective of whether the software was being developed in-house or by a third-party vendor.
  • Within months, our Client transitioned from having no secure SDLC activities to owning a tailored security roadmap and a secure SDLC dashboard that could help measure and drive continuous improvement to the security of their product.


Contact Us

Our Advisory services team has 14 years of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial seeking support on regulatory compliance and penetration testing activities, or a startup looking for high quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.

 