From the course: CSSLP Cert Prep: 2 Secure Software Requirements

Policy decomposition

- [Instructor] Every developer you work with has their own unique background. From their level of education and training to the programming languages which they learn to code, no two developers are alike. So how in the world can you expect to apply a consistent approach to securing the apps they write? Simple, through policy. First things first. A policy represents the level of excellence with which an organization strives to operate. At some point, someone in your organization made a decision that application security was important, important enough to spend time and money on. Application security is a pretty broad field though. So someone decided to write down those components of appsec that are in line with how much money and time the organization was willing to invest. That document, that policy, has become a guidepost that developers and appsec professionals can both reference to make sure that the finished app…
