Chapter 10. Secure Development and Assurance
Throughout the course of this book, we’ve covered how to design a secure solution based on the external and internal requirements of the solution as well as the threats that it’s exposed to. With that we’ve addressed design with regard to the design-build-run framework.
Automating major elements of the building process can significantly reduce the time it takes development teams to go from design to production. In other words, we’re getting newly developed functionality into production at a much quicker rate, which is a pretty good outcome. Because these automated processes eliminate a significant amount of manual gatekeeping, the likelihood of a vulnerable solution and the probability of the introduction of insecure code into production increases.
In this chapter, we will discuss how we can overcome this challenge by incorporating security measures into the development and building process.
Chapter Artifacts
We will discuss the development and assurance processes in order to determine what kinds of security tests and assurance measures we ought to incorporate into the process and whether or not it’s even possible to do so. We’re documenting the results of this in the test strategy and plan artifact as outlined in Figure 10-1.
The risks, assumptions, issues, and dependencies (RAID) artifact is where we will discuss how we can document and manage risks, assumptions, issues, and dependencies not of the solution itself, but rather of ...
Get Security Architecture for Hybrid Cloud now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.