Audit-as-a-Silver-Bullet: Secure Software Development Lifecycle (SSDLC) processes for Web2 products have matured over several decades. A product is now expected to meet a minimum bar made up of several layers: internal validation (threat modeling, code review, testing), external assessments (product and process audits, penetration testing) and certifications. How much of each is required depends on the value of the assets the product manages, the anticipated risk, the threat model and the market domain (the financial sector, for example, carries stricter regulatory compliance requirements). Security is treated as a property of the whole lifecycle, not of a single point-in-time review. Web3 projects, by contrast, have tended to collapse this into one step: the external audit.
- Secure Software Development Life Cycle (SSDLC)
- Web2 -> SSDLC
- Web3 -> Audits
- Build -> Audit -> Launch
- Often perceived as Audit-as-a-silver-bullet