Wednesday, April 17, 2024

Secure by Design

Secure by Design (SBD) in the IT industry refers to an approach where security is integrated into the design phase of software, systems, or products rather than being added as an afterthought. The goal is to proactively identify and mitigate security risks throughout the development lifecycle rather than trying to patch vulnerabilities later.

The Secure by Design (SBD) Engineer works closely with the Project Manager (PM) from the project's outset. Together, they examine the architecture with a focus on security. If any vulnerabilities or risks are identified, the SBD Engineer provides recommendations to address them.

As the project progresses, typically during the mid-stage of System Integration Testing (SIT) when major defects are resolved, the SBD Engineer requests a Fortify scan of the codebase before deployment. If the scan reveals no issues, the process continues. If vulnerabilities are found, the team refactors the code to address them. After refactoring, the SBD Engineer uses SIT regression testing to ensure that the changes do not affect the system's functionality.

This meticulous approach ensures that security is integrated into every phase of the project, ultimately resulting in a more resilient and secure IT system.
