ICS secure SDLC
Knowingly or unknowingly, ICS owners are often in the software development business. Most, if not all, ICS have some sort of custom code running, be it a custom-built HMI application or a warehousing management system designed specifically for the needs of the ICS process that the company runs. As such, a discussion on secure Software Development Life Cycle (SDLC) is warranted. Also, approaching ICS application security management from a development life cycle perspective and integrating security early on in the life cycle, allows for uncovering of vulnerabilities and addressing them before these applications are in use.
The definition of secure SDLC
SDLC is a framework that defines the process used by organizations to manage and maintain an application from its design phase to its decommission. There are many different SDLC models out there, used in various ways to fit individual circumstances and environments. What most of these SDLCs have in common are the following phases...