Security vulnerabilities are widely recognized throughout the computer industry and by our customers who need assurance that the products they use are secure. To provide that assurance, NetApp has developed the Secure Development Lifecycle (SDL), a standard for product development that evaluates and responds to potential vulnerabilities. NetApp’s SDL defines a rigorous process based on industry best practices and standards that product teams can follow to assess security and plan for the release of a secure product. The process begins with the first plans for a product, before a single line of code has been written, and extends through to monitoring products after they have been released.

NetApp Secure Development Lifecycle (SDL) overview

The SDL implemented at NetApp is a defendable and repeatable 6-step process (illustrated in the following figure) that the teams who build NetApp products and services can follow. Throughout the course of product development, NetApp teams can execute this explicit and predefined set of activities to help ensure that the product is reliably secure. The SDL process enables NetApp to understand the risks the products present, as well as to evaluate the effectiveness of the product team’s compliance with the full SDL. The product security group provides best practices for the SDL, procedures in support of it, and security expertise to the product teams. The product teams can implement the SDL processes and policies to deliver secure products. The SDL requires that all known vulnerabilities, including third-party component vulnerabilities, have been appropriately addressed.

The 6-step NetApp SDL process

SDL foundation: Security training and champions

The NetApp SDL process starts with building security awareness and expertise within our product teams through training and the appointment of security champions.

NetApp requires security training for personnel involved in product delivery. Security training includes education on current threats, secure development techniques, vulnerabilities, and methods for addressing security issues. The training is tailored to the role of trainees (product manager, developer, QA, and the like) to build awareness of product security and support for incorporating security practices into their work. NetApp requires an annual security refresher to communicate the changes that inevitably occur in product security. NetApp also offers internal forums and access to commercial events to help individuals advance their security knowledge.

Security champions are security-minded professionals on NetApp product teams who promote secure development best practices and the SDL in their organization, while advancing the adoption and understanding of product security in general. Each champion receives in-depth security training, particularly exposure to security best practices, including the NetApp SDL. Although the primary objective is to embed security leadership in development teams, these champions also serve as key points of contact for the product security group as it monitors product team execution of the SDL.

The NetApp SDL process begins with a security assessment and release of the compliance and test plans. It follows with a thorough evaluation of product security issues and solutions, and validation that any identified vulnerabilities have been resolved. It ends with the communication of risk and monitoring activity through a Product Security Incident Response Team (PSIRT).