The SSDL Touchpoints domain includes the practices associated with the analysis and assurance of particular software development artifacts and processes. All software security methodologies include these practices.
Architecture Analysis encompasses capturing software architecture in concise diagrams, applying lists of risks and threats, adopting a process for review (such as STRIDE or Architecture Risk Analysis), and building an assessment and remediation plan for the organization.
The Code Review practice includes use of code review tools, development of tailored rules, customized profiles for tool use by different roles (for example, developers versus auditors), manual analysis, and tracking/measuring results.
The Security Testing practice is concerned with prerelease defect discovery, including integrating security into standard QA processes. The practice includes the use of black-box security tools (including fuzz testing) as a smoke test in QA, risk-driven white-box testing, application of the attack model, and code coverage analysis. Security testing focuses on vulnerabilities in construction.