The Security Problem In Software Development Life Cycle Question & Answer

Operation Francophone attacks that took place in May 2013 at known telecommunication provider in France was the most sophisticated cyber attacks that happened without anyone noticing. The attack was complex and hard to realize because attackers posed as managers of the organization sending invoices and calling the recipient to process the invoice. Numerous factors lead to the success of cyber attacks involving large enterprises. The attackers impersonated an insider who seemed to have a lot of influence to the organization to gain access to the security system. The invoice file sent contained malware that would be installed once the recipient tried to open it.
Security concerns considered during the software development lifecycle influence the operation and the ability of the software to resist attack from cyber criminals. Most organizations are in the hurry to have their software developed and released to perform their intended work, but they fail to realize threats and vulnerabilities associated with ignoring software security during the development process. The lack of an effective application security to detect real and fake emails or messages made it hard to recognize the social engineering aspect of the attack.
Security professional in every organization or society has a big role to play in safeguarding the information of users and organization. One of the strategies that security professionals should use is developing overlapping, multiple, and mutually supportive protective mechanisms that guards the system against any single-point failure. The Francophone attackers used a single-point route to access the organization’s security system. Software developers should consider such a recommendation during the development life cycle to avoid organizations going back to the design stage to introduce new security features. Second, security professionals should always keep private keys protected to prevent outsiders from sending messages or any other kind of online communication without the prior scrutiny of the type of information contained in the text.