7

Ship (A5): SDL Activities and Best Practices

Now that you have reached the last phase of the software development lifecycle, you need to ensure that the software is secure and that privacy issues have been addressed to a level at which the software is acceptable for release and ready to ship. Software security and privacy requirements should have come from initial phases and been refined throughout the cycle. In this chapter, we will take you through the last stage of policy compliance review, followed by the final vulnerability scan, pre-release penetration testing, open-source licensing review, and the final security and privacy reviews (see Figure 7.1).

As discussed in SDL Phases (A1)–(A4), SDL policy compliance covers all projects that ...
