Chapter 14. Stage 9: The Final Security Review

In this chapter:

Product Team Coordination

Threat Models Review

Unfixed Security Bugs Review

Tools-Use Validation

After the Final Security Review Is Completed

As the product draws close to completion, an important question has to be answered: from a security and privacy perspective, is the product ready to ship to customers? The goal of the Final Security Review (FSR) is to answer this question. Performed by the central security team, the FSR is not only a critical part of the Security Development Lifecycle (SDL), it’s also complex, including many important tasks.

Before a software product can ship to customers, it must successfully complete its FSR. A failed FSR must be evaluated to determine how egregious ...

Get Security Development Lifecycle now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial