Security is perhaps one of the most important engineering focus areas for application development teams. Unlike functional bugs, security bugs can potentially produce disastrous results for applications, application infrastructure, or users. It is incredibly important for application development teams to invest in a holistic approach to software security. This begins with an investment in a security process that will help focus the team on understanding application vulnerabilities and addressing them through a series of best practices for design and implementation. These processes and practices are outlined in the SD3+C framework for securing applications by design, by default, and in deployment and communications.

Application development teams need to integrate security-focused processes and practices into the earliest phases of the application development life cycle to ensure that any vulnerabilities or security bugs are found and addressed as early as possible. Security bugs can be quite challenging to find and are often risky to fix once the application code reaches a certain state of completion. Therefore, discovering and addressing security bugs early in the release process reduces potential code churn later in the development cycle and thus increases application quality and reduces risk of delayed delivery to market.