The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,116 other followers

SAFECode updates its guide on best secure software development practices – SD Times

Posted by jpluimers on 2020/07/15

Interesting to see is how much is not about actual coding, but of tooling, testing, processes, operations and mindset.

[WayBackSAFECode updates its guide on best secure software development practices – SD Times

PDF: [WayBack] SAFECode releases Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).

Table of Contents:

 4; Executive Summary
 5; Introduction
 5;  Audience
 6; SAFECode Guidance and Software Assurance Programs
 7; Application Security Control Definition
 7;  Actively Manage Application Security Controls
 9; Design
 9;  Secure Design Principles
10;  Threat Modeling 
11;  Develop an Encryption Strategy
12;  Standardize Identity and Access Management
14;  Establish Log Requirements and Audit Practices  
15; Secure Coding Practices
15;  Establish Coding Standards and Conventions
15;  Use Safe Functions Only
17;  Use Code Analysis Tools To Find Security Issues Early
17;  Handle Data Safely 
20;  Handle Errors 
21; Manage Security Risk Inherent in the Use of Third-party Components
22; Testing and Validation
22;  Automated Testing
24;  Manual Testing
27; Manage Security Findings 
27;  Define Severity
28;  Risk Acceptance Process. 
29; Vulnerability Response and Disclosure
29;  Define Internal and External Policies
29;  Define Roles and Responsibilities
30;  Ensure that Vulnerability Reporters Know Whom to Contact 
30;  Manage Vulnerability Reporters
30;  Monitor and Manage Third-party Component Vulnerabilities 
31;  Fix the Vulnerability
31;  Vulnerability Disclosure
32;  Secure Development Lifecycle Feedback  
33; Planning the Implementation and Deployment of Secure Development Practices
33;  Culture of the Organization 
33;  Expertise and Skill Level of the organization 
34;  Product Development Model and Lifecycle
34;  Scope of Initial Deployment
35;  Stakeholder Management and Communications
35;  Compliance Measurement 
36;  SDL Process Health
36;  Value Proposition.
37; Moving Industry Forward
37;  Acknowledgements
38;  About SAFECode


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: