File:20140219-SSDLC Ready for Clouds-Robert.pdf

S-SDLC – Ready for Clouds? (by Robert Schneider, Swisscom IT Services AG)

Many companies have it (somehow) and numerous others are planning to implement one – a Secure Software Development Life Cycle (S-SDLC). As Swisscom is building a new Cloud, the whole S-SDLC had to be reconsidered to match the new challenges. In this presentation I would like to give you an overview of the four fundamental phases that we plan to implement in our new S-SDLC (Intellectual Property Scan, Code Review, Vulnerability Scanning and Stress & Load Testing) as well as an idea of what these phases are meant to do. Additionally, I would like to give you an idea of what possible candidates (i.e. tools) could be of interest to you and where we see the biggest pitfalls so far. As this is a considerable topic, I hope that you will bring many questions and answers, as well as your own experiences, to share with each other.