This post continues my 12-part series about the Software Assurance Maturity Model (SAMM). Today we will be talking about Security Requirements, the second security practice in the Construction function. Almost all software development is driven by a set of business requirements, but unfortunately security is often not factored into these requirements at the start of a project. To address this issue, analysts and managers should work to integrate Security Requirements into a development project from the beginning. Security Requirements serve as a "hook" for security: once security has been written into the requirements, it will naturally follow the development lifecycle through design, development, testing, and deployment to production.