One problem facing every organization looking to build functional yet secure software is that it doesn't know what the best practice is for every discipline that plays a role in the creation of a robust application. Yes, there are lots of helpful security initiatives, organizations and regulatory guidance, but trying to draw them all together into an efficient, well-built application can seem like an overwhelming task. This is partly because a lot of the recommendations are based on theory and ideal scenarios.
Those looking for a framework based on what has been achieved in the real world should take a look at the
