The single most important ingredient for a secure SDLC process is leadership commitment.
Every phase of a Secure SDLC involves security. Compared with a typical SDLC, which addresses security only in the testing phases, if at all, these security enhancements can look optional or extra. Done correctly, they can be a significant time investment, but the time and resources are well spent. When pressure to release a new feature or bug fix shows up, it can be tempting to shortcut these enhancements for the sake of time. Developers are typically familiar with Technical Debt. A variation of it, Security Debt, is the eventual cumulative cost of fixing software and of repairing the relationships, customer trust and brand trust damaged by releasing software that is not secure. Leadership needs to be committed to planning the proper time and resources to ensure today’s features and bug fixes are not tomorrow’s vulnerabilities. Only through leadership's commitment to the full process will developers be able to maintain the discipline of developing a product that is as secure as possible.