SAFECode updates its guide on best secure software development practices – SD Times
Posted by jpluimers on 2020/07/15
Interesting to see is how much of it is not about actual coding, but about tooling, testing, processes, operations and mindset.
[WayBack] SAFECode updates its guide on best secure software development practices – SD Times
PDF: [WayBack] SAFECode releases Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).
Table of Contents (page numbers refer to the PDF):
4  Executive Summary
5  Introduction
5  Audience
6  SAFECode Guidance and Software Assurance Programs
7  Application Security Control Definition
7  Actively Manage Application Security Controls
9  Design
9  Secure Design Principles
10  Threat Modeling
11  Develop an Encryption Strategy
12  Standardize Identity and Access Management
14  Establish Log Requirements and Audit Practices
15  Secure Coding Practices
15  Establish Coding Standards and Conventions
15  Use Safe Functions Only
17  Use Code Analysis Tools To Find Security Issues Early
17  Handle Data Safely
20  Handle Errors
21  Manage Security Risk Inherent in the Use of Third-party Components
22  Testing and Validation
22  Automated Testing
24  Manual Testing
27  Manage Security Findings
27  Define Severity
28  Risk Acceptance Process
29  Vulnerability Response and Disclosure
29  Define Internal and External Policies
29  Define Roles and Responsibilities
30  Ensure that Vulnerability Reporters Know Whom to Contact
30  Manage Vulnerability Reporters
30  Monitor and Manage Third-party Component Vulnerabilities
31  Fix the Vulnerability
31  Vulnerability Disclosure
32  Secure Development Lifecycle Feedback
33  Planning the Implementation and Deployment of Secure Development Practices
33  Culture of the Organization
33  Expertise and Skill Level of the Organization
34  Product Development Model and Lifecycle
34  Scope of Initial Deployment
35  Stakeholder Management and Communications
35  Compliance Measurement
36  SDL Process Health
36  Value Proposition
37  Moving Industry Forward
37  Acknowledgements
38  About SAFECode
–jeroen