Most technology professionals will agree that security is an essential part of building software. Developers increasingly address security throughout the software development lifecycle (SDLC): adopting secure coding principles, threat modeling new designs, and testing to catch and fix bugs before release rather than after. A secure SDLC is a powerful thing, and more organizations need to adopt it as the default way of working.
So what is a large organization to do when it reviews older legacy applications and tries to bring them up to the requirements of today's SDLC? These applications may have been written many years ago, and the source code may not have been reviewed since. The people who wrote the original code may no longer work for the organization, and the programming language or framework used may no longer be actively supported.
Instead of trying to review and rewrite all of that legacy software at once, the management effort should focus on:
- Prioritizing any organized review of legacy source code on the areas of highest risk: code that is exposed to untrusted input (internet-facing interfaces, file and message parsers), code that handles sensitive data or credentials, and code that runs with elevated privileges.
- Improving the process for remediating vulnerabilities as they are reported, so that a finding in legacy code has a clear owner, a fix deadline based on severity, and a path to production.
- Running any new code, and any legacy code that is modified for other reasons, through the updated SDLC, so that every change to the legacy system is an opportunity to raise its security baseline.
You can read more about an effective SDLC here.