Although many engineers consider product-usage security an IT or operations team task, the engineering team should play the major role in creating a secure product. Consequently, you must make security an integral part of your development process. The most effective way to do this is to review security elements as programmers develop the code and as QA tests it.

Security often becomes a high-priority development issue when some driving event occurs—a customer asks questions about security before buying the product, a certifying organization requires a security audit, or a hacker breaks into the system. Don't wait until a driving event occurs. Instead, secure your product before being asked to do so, either by hiring an outside consultant ...