Software Development Life Cycle program
This site house the material related to the Software Development Life Cycle (SDLC) program that the Technology Organization at Truesec adhere to. We base the program on OWASP SAMM . The Software Assurance Maturity Model (SAMM) is a prescriptive model, an open framework which is simple to use, fully defined, and measurable. This is used to evaluate the application security program within the Technology Organization, with annual re-evaluations in September to support roadmap planning and compliance measurement.
The following is the set of practices our program is categorized in
Governance
Governance focuses on the processes and activities related to how we manages overall software development activities. More specifically, this includes concerns that impact cross-functional groups involved in development, as well as business processes established at the organization level that adhere to the Technology Organization.
Design
Design concerns the processes and activities related to how we defines goals and creates software within our development projects. In general, this will include requirements gathering, high-level architecture specification and detailed design.
Implementation
Implementation is focused on the processes and activities related to how we builds and deploys software components and its related defects.
Activities stipulated under this category have the most impact on the daily life of our developers. The joint goal is to ship reliably working software with minimum defects to our customers.
Verification
Verification focuses on the processes and activities related to how we check and test artifacts produced throughout software development. This includes quality assurance work such as testing and also other review and evaluation activities.
Operations
The Operations aspects encompasses that activities necessary to ensure confidentiality, integrity, and availability are maintained throughout the operational lifetime of our applications and their associated data. Increased maturity with regard to this function provides greater assurance that we are resilient in the face of operational disruptions, and responsive to changes in the operational landscape.