👩💼 Senior Manager: How long do you need to deliver Feature X?
Software Developer: That will take the team about two months, including testing.
👩💻 Senior Manager: You have one month and you'd better deliver on time, otherwise P45 (Separation Notice)
In an environment where software developers are constantly under pressure to deliver, deliver, deliver, and deliver quickly, it is inevitable that shortcuts will be taken and some non-functional requirements (security among them) will not be met. The development team ends up in too much of a hurry to fully follow your organisation's software development lifecycle and security requirements. The result is insecure software development.
The impact of insecure software development on your organisation will include:
🕐 Technical Impact
Loss of data confidentiality and integrity. Insecure development can lead to unauthorised access to your cloud environment and the data held in it.
🕑 Operational Impact
Insecure software development can cause delays to feature updates while vulnerabilities are fixed, and could cause a partial or complete shutdown of your cloud services.
🕒 Financial Impact
Failing to comply with regulatory requirements can result in fines and compensation payouts.
🕓 Reputational Impact
A data breach caused by insecure software development could result in customers losing faith in your organisation's commitment to keeping their data safe.
Should the responsibility be placed squarely at the feet of the software developers who, under pressure from above, feel obliged to cut corners to meet unrealistic deadlines? Or should the manager setting the requirement be fully responsible and own that risk?