WebApp Sec mailing list archives

risk management in software development lifecycle


From: test.future () gmail com
Date: 19 Apr 2006 06:45:53 -0000

Security risk identification, assessment and mitigation have become a vital task nowadays. We plan to implement a security
risk management framework in our software development life cycle, from requirement specification, software
architectural design, software development, until application penetration test and change management. Our focus is
security-related risks.

We understand there are several frameworks and methodologies, but in order to implement it in real life, we need a
software tool to assist us in gathering information in risk identification, tracking risk status, etc. Does anybody know of
such tools? A web-based enterprise version is preferred, since we have so many information systems to manage. Thanks in
advance.
