The secure software development lifecycle (SDLC) emphasizes integrating security at every stage of development, rather than treating it as an afterthought. In this episode of the Armchair Architects (part of the Azure Essentials Show), our trio of architects continues the conversation they began in part one of this episode (https://aka.ms/AzEssentials/184), focusing on secrets management, the risks involved in using unsecured code repositories, and the importance of supervised training for AI models used to review code.
Resources
• Michael Howard at Amazon https://www.amazon.com/stores/Michael-Howard/author/B001H6GDPW
• Best practices for protecting secrets https://learn.microsoft.com/azure/security/fundamentals/secrets-best-practices
• Azure Key Vault https://learn.microsoft.com/azure/key-vault
• Secure DevOps environments for Zero Trust https://learn.microsoft.com/security/zero-trust/develop/secure-devops-environments-zero-trust
Related Episodes
• Armchair Architects: Secure Software Development Lifecycle (pt 1) https://aka.ms/AzEssentials/184
• Watch all the Armchair Architects episodes https://aka.ms/ArmchairArchitects
• Watch the Azure Essentials Show https://aka.ms/AzureEssentialsShow
Connect
• Ulrich (Uli) Homann https://www.linkedin.com/in/ulrichhomann
• Eric Charran https://www.linkedin.com/in/ericcharran
• David Blank-Edelman https://www.linkedin.com/in/dnblankedelman
Chapters
0:00 Introduction
0:46 Writing Secure Code, by Michael Howard
1:20 Secrets management
1:34 Azure Key Vault
1:48 Code repositories at risk
3:30 Discussion of AI systems