secure development model

Document Sample
secure development model Powered By Docstoc
					                                       TELUS Business Solutions | Security and Risk Management
                                       Business. Backed by TELUS.

                                       secure development model
                                       flexible, modular framework for building secure software

accelerating secure software development                                      a development model that works
Software systems today confront a greatly increased level of                  TELUS Secure Software Development Model (SDM) is a
security risk. As network security defences have matured, the                 sophisticated and comprehensive framework for secure software
intruder community has refocused its efforts on directly targeting            development. It is based on our more than 10 years’ experience
software and firmware applications.                                           in the field of software security and our close working relationships
                                                                              with global CMM/CMMI Level-5 certified development organizations,
Despite sophisticated development methodologies, most software
                                                                              leading security software product vendors, financial systems
is developed on the basis of practices and standards that are not
                                                                              vendors, and high-tech manufacturers.
well tuned to meeting these increased security requirements. As
a result, the rate of security vulnerabilities in software products and       Through the SDM, TELUS provides licensable intellectual property,
embedded systems is rising rapidly. The FBI, Gartner, and other               developer training, and consulting services that greatly accelerate
analysts have highlighted software and application security as the            adoption of best practices for secure development – across all
number-one IT security risk facing large business and public sector           stages of the software development lifecycle. Implementation of the
organizations today. In addition, customers expect the software they          TELUS SDM can help your organization realize improved product
purchase to be resistant to security threats and free from security           security, fewer product security flaws, reduced development costs,
vulnerabilities. They do not want their privacy and identities put at risk.   and accelerated time-to-market. With TELUS SDM, your
                                                                              organization will be able to:
Software security is an industry-wide challenge. Traditional
development methodologies do not teach programmers about                      Access a modular and flexible framework. TELUS SDM
secure software architecture, secure software implementation                  allows you to leverage your current capabilities and build secure
practices, software security testing, or any of the other security-           software in complex and disparate technical environments,
sensitive processes at each stage of the software development                 reducing re-engineering costs.
lifecycle. As a result, many organizations, including very
                                                                              Rely on a repeatable process for software security. By
sophisticated software development groups, have found that the
                                                                              implementing security as a repeatable part of the software-
attempt to bootstrap to a high level of capability in secure software
                                                                              development process, your organization can cost-effectively
development is arduous and time-consuming.
                                                                              fix security-deficient software development practices.
Software development organizations need a means of accelerating
                                                                              Reduce the rate of security defects. TELUS SDM helps you
secure software development. By shortening the time to develop
                                                                              build software code that is resistant to security threats and
more secure software, they will reduce the risks to themselves and
                                                                              vulnerabilities. Avoid costly software security flaws and spend less
their customers from security flaws in their products.
                                                                              time and resources on post-implementation security fixes.
Besides posing a potential immediate threat to an enterprise,
                                                                              Reduce time and money required to build a comparable
software and application security risks directly impact compliance
                                                                              program internally. The collective standards and practices
with legislative and regulatory frameworks including Sarbanes-Oxley
                                                                              documents delivered within the SDM IP Materials License represent
(SOX), Bill 198, North American Electric Reliability Council (NERC),
                                                                              many years of effort by highly skilled software security specialists.
Bill 198, and Payment Card Industry (PCI). Software security is a
relatively new issue for many development teams and information               Comply with regulations and policies. Quickly identify your
security professionals. It is a challenge to comply with regulations at       current software security state and know what to do to become
the software level and get positive results from audits.                      compliant with regulations and internal policies.

                                                                              Comply with 2007 PCI-DSS requirements. TELUS SDM can
                                                                              help your organization prepare a strategy to comply with the new
                                                                              PCI Data Security Standard requirements.
TELUS Business Solutions | Security and Risk Management
Business. Backed by TELUS.

secure development model

start developing secure software today                                  SDM features
The TELUS SDM framework provides software development                   licensable material
organizations with the key tools to immediately develop software more
                                                                          More than 50 licensable IP documents including secure
securely and reduce the number and rate of software security flaws.
                                                                          development standards, practices, processes and training
Security is considered at each stage of the development life-cycle.
Software Security Life Cycle                                              Materials may be licensed as a complete set or in the separate
                                                                          – Security Requirements Capture and Specification Processes
                                                                          – Secure Software Architecture Processes
                                                                          – Secure Implementation Practices
                                                                          – Peer Review and Security Testing Practices
                                                                          – Secure Deployment, Maintenance, and Incident Management

                                                                          Two intensive days of software security training
                                                                          Instructor-led classes
                                                                          Applies to all developing languages
The SDM provides licensable intellectual property (IP) documents
including more than 50 highly specialized documents comprising          consulting services
secure development standards, practices, processes and training
                                                                          Address specific needs
materials. These IP modules contain best practices for the
following topics:                                                         Assessment and implementation services

        Integrating security into the software requirements process       Access to research team that powers the products of 16 of
                                                                          the top 20 network security vendors
        Integrating security into the software specifications process
        Software security risk assessment processes (high-level risk
        assessment as well as detailed software risk review)
        Secure software architecture guides
        Design patterns for secure software
        Language-specific secure coding guidelines
        Platform-specific secure coding guidelines
        Detailed software security testing processes for common
        protocols and platforms
        Secure software deployment practices
        Software security incident management guidelines

Contact your TELUS Account Executive or call 1-866-GO-TELUS
6_srm_024. 5/07

Shared By: