Hello everyone,
I just signed up to reddit so I can post this.
I need to make a Secure SDLC guide and I need a bit of help as I don't have any guide that I could use as a model.
I would like to know what is something that should definitely not be missing from such a guide, maybe a content structure, standards/frameworks that I should refer to like:

- ISO/IEC TS 17961:2013 specifies rules for secure coding in the C programming language, and code examples.
- BSIMM7 & OpenSAMM Framework
- NIST SP 800-64 Secure SDLC requirements
- PCI DSS, NIST and FIPS recommended Software Security practices
- OWASP Web Security Testing Practices
- OWASP and CERT recommended Secure Coding Practices
- Common Vulnerability Scoring System
Anything else that you think could be useful will be very much appreciated.
Also, I am new to this area and I would like to know a realistic time frame for creating a guide with adequate content.
Thank you!
submitted by /u/Lorix29
from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! http://bit.ly/2IlhFRr