Attacking software is really attacking the software development process. The adversary is looking to take advantage of software defects before those defects are repaired. This paper explores the attack timeline in the SDLC