UnixTime

Research Note

Secure Development Policy

Use this policy to define mandatory secure development rules for internal teams, contractors, and suppliers.

On this page

When to use this

Use this policy to define mandatory secure development rules for internal teams, contractors, and suppliers.

Policy areas

Area Rule Evidence
Secure coding standard TBD TBD
Code review TBD TBD
Dependency management TBD TBD
Secrets handling TBD TBD
Vulnerability remediation TBD TBD
Development environment protection TBD TBD
Supplier development TBD TBD

Minimum rules

  • Secure development rules are mandatory.
  • Developers and reviewers are trained.
  • Code/security reviews are performed.
  • Vulnerabilities are tracked to closure.
  • Supplier development follows equivalent rules.
  • Standards are periodically reviewed.