This IBM Redguide describes IBM's approach to secure engineering practices for software products.
About this Redguide
Security in Development: The IBM Secure Engineering Framework, an IBM Redguide™, looks at software product delivery from an end-to-end perspective and discusses key security practices for each phase of software development. These key security practices are summarized in the IBM Secure Engineering Framework.
The Secure Engineering Framework (SEF) is intended to help ensure that software is secure by design, secure in implementation, and secure in deployment. Its practices are grouped into the following practice areas:
- Education and awareness
- Project planning
- Risk assessment and threat modeling
- Security requirements
- Secure coding
- Test and vulnerability assessment
- Security documentation
- Incident response management