Your costs will go up if you don't solve the security issue from the start
An important bank, together with an external supplier, decided to develop a major new banking system. It approached us for help with securing this system from its inception.
We drew up a comprehensive secure-development methodology based on the NIST methodology, together with a list of the basic security requirements for the solution being developed. We then proposed how to incorporate these requirements into the development processes and described the details in the project documentation.
Development of the whole system took about three years, during which the security architect took part in the development team's regular meetings. He also supported the development itself through consultations. Regular penetration tests were an integral part of the support; they continuously verified the resistance of the core banking system to potential attacks.
By implementing a secure software development life cycle (SSDLC), the company saved 75% compared with the cost of securing the system after development was finished.