Which statement best summarizes secure development requirements under PCI DSS?

Secure development under PCI DSS means treating security as an integral part of every step of building and maintaining software, anchored to PCI’s own requirements, aligned with established standards, and woven into the entire development life cycle. The best summary captures all of that: you must follow PCI DSS controls (including things like secure authentication and proper logging) to protect access and give reliable audit trails; you should base your practices on recognized industry standards or best practices to leverage proven approaches; and you must embed information security throughout the software development life cycle, from design through deployment and ongoing maintenance. When you combine these elements, you ensure that security isn’t bolted on at the end but is built into the process and the product.