Information Security Challenges in an Enterprise-Grade Software Development Lifecycle

Authors

  • Kamil Mahomedov, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Ukraine

DOI:

https://doi.org/10.20535/tacs.2664-29132025.2.338771

Abstract

In an era of escalating cyber threats and digital complexity, the integration of information security into the software development lifecycle (SDLC) is imperative for building trustworthy enterprise-grade software systems. This literature review synthesizes and critically evaluates over 30 scholarly and industry sources to identify current practices, frameworks, and tools for SDLC implementation. It explores prominent cybersecurity frameworks, such as Microsoft’s SDL, OWASP SAMM, and NIST SSDF, and assesses how well they accommodate modern cloud security practices within contemporary SDLCs. Special attention is given to the DevSecOps paradigm, which integrates automated security checks and developer engagement into continuous integration and delivery pipelines, and to SBOMs as a means of exposing and managing third-party component risks in complex supply chains. Findings reveal persistent challenges related to integration with agile workflows, cost, lack of standardized metrics, and organizational resistance (i.e. the human factor). The overall result is the amalgamation of software security best practices extracted from the examined literature into a concise overview to assist further research in this area. The paper concludes with a call for more adaptable, scalable, and measurable security practices that align with modern software development methodologies aimed at facilitating the enterprise-grade integration and delivery of code.

Published

2025-11-17

Section

Theoretical and cryptographic problems of cybersecurity