This case study describes the implementation of the Software Development Lifecycle (SDLC), tied to a risk analysis view, using Brinqa technology. As a result, the Depository Trust and Clearing Corporation (DTCC) achieved improved application security risk and SDLC governance.
The challenges that DTCC faced can be summarized as follows:
- DTCC uses a variety of tools and assessment technology for application software security. These include tools for static code analysis, application penetration testing (pen-test), open source software issues, and insider threat analysis. DTCC wanted a common repository to provide a holistic view of security information for the applications.
- The business product line owners and executives need a standard framework to represent risk and exposure. They require visibility to identify the most critical issues that impact their application portfolio.
- As part of the overall Building Security In Maturity Model process, DTCC needs quantified toll gates to measure application lifecycle progress and to monitor product and application risk during the development lifecycle.