The Secure Software Development Lifecycle (SSDLC) integrates security activities into every phase of software development. Instead of treating security as a final checkpoint before release, SSDLC makes it an ongoing responsibility shared by developers, security teams, and operations staff.
Microsoft’s Security Development Lifecycle popularized the concept after highly publicized security incidents. Organizations that implement SSDLC find and fix vulnerabilities far earlier in development, when changes are cheap, rather than after deployment, when they are expensive and damaging.
CISSP Relevance
SSDLC is the primary focus of Domain 8 (Software Development Security). CISSP candidates must understand each phase of the lifecycle and the security activities appropriate to each phase.
External reference: NIST SP 800-64 Security Considerations in the SDLC
Related terms: Security by Design, Penetration Testing