A secure software development process adds a series of security-focused activities and deliverables to each phase of the software development process. These activities and deliverables include the definition of security feature requirements and assurance activities during the requirements phase, threat modeling for security risk identification during the design phase, the use of static analysis code-scanning tools and code reviews during implementation, and security-focused testing, including fuzz testing, during the testing phase. An extra security push includes a final code review of new as well as legacy code during the verification phase. Finally, during the release phase, a final security review is conducted to identify and remediate any remaining security vulnerabilities.
The process is augmented with mandatory security training for software development personnel, with security metrics, and with security expertise available through the Symosis Security team. In addition to training developers and designing and building the product with appropriate security, secure software development incorporates planning for security failures after release, so the organization is ready to swiftly correct unforeseen problems. The secure software development process is articulated as a 12-stage process as follows: