Issue No. 01 - January/February (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.18
Bronwen Matthews , Adobe
Companies should try to match security consultancies or even individual consultants to specific projects. To do this, get to know the consultants—in particular, their skills, experience, and interests. Attend security conferences to be aware of their latest research. Beyond this, look for softer skills, such as good communication skills, and an understanding of the challenges that product teams face. Also, develop relationships with consultancies that can grow along with your changing security needs. These steps can improve security and optimize the outlay of your product improvement dollars.
security consultant, security development life cycle, SDL, secure product life cycle, SPLC, computer security, cybersecurity
B. Matthews, "Optimizing Product Improvement Spending with Third-Party Security Consultants," in IEEE Security & Privacy, vol. 10, no. , pp. 91-93, 2012.