CTSC will be exploring this topic over the coming months by supplementing its existing training materials on secure coding practices with guides that cover additional security topics throughout the software development lifecycle, such as:
- identifying security objectives and addressing security threats during the software design phase, to avoid having to patch security issues later in the process
- software release engineering to support the integrity and maintenance of deployed software, including security hygiene for developers to safeguard credentials and revoke credentials if compromised
- vulnerability handling processes and software update mechanisms to address software vulnerabilities when they occur
- software maintenance and dependency management for keeping up to date with security standards and fixes
We welcome your input and questions as we develop materials (and gather pointers to existing materials) on these topics. Please join the discussion on the CTSC Security Discussion email list.