
CSSLP Domain 6 Secure Software Lifecycle Management

Dec 13, 2022 · 6 min

Episode description

Domain 6: Secure Software Lifecycle Management (11%)

The sixth domain of the CSSLP is Secure Software Lifecycle Management, which accounts for 11% of the exam weight. It is one of the CSSLP's most essential domains: it covers the management of the processes and procedures needed to apply security practices at each stage of the software development lifecycle (SDLC).

This domain spans the whole lifecycle, from planning and roadmapping through defining the security requirements and procedures that later phases will implement. It shows how to manage security as part of a software development methodology and its documentation, and how to create security metrics (e.g., defects per line of code, criticality level, average remediation time, and complexity).

This domain is divided into the following subsections:

  • Secure configuration and version control (e.g., software, hardware, implementation, interface, patching)
  • Define strategy and roadmap
  • Manage security within a software development methodology
  • Identify security standards and frameworks
  • Define and develop security documentation
  • Define security metrics (e.g., defects per line of code, criticality level, average remediation time, complexity)
  • Decommission software
  • Report security status (e.g., dashboards, reports, feedback loops)
  • Incorporate Integrated Risk Management (IRM)
  • Promote security culture in software development
  • Implement continuous improvement (e.g., retrospectives, lessons learned)