The Content Delivery and Security Association (CDSA) within the Media and Entertainment Services Alliance (MESA) provides some sensible guidelines to improve the success of security implementations in product development.
They are: During Requirements gathering, During Design, During Implementation, During Test, During Deployment, and during maintenance.
These apply, regardless of whether your development methodology is the traditional linear ‘waterfall’ methodology, or is the more modern ‘agile.’
Read the full article at CDSA-MESA
Why it matters
This covers pretty much the entire product life-cycle.
As a long-experienced product manager, I daresay that these guidelines in any product development effort, in time saved from not having to regression-test endless fixes and adjustments, distribute updates to the Field, and the delays that these usually entail.