Security Best Practice

Owned by Roxy Sanchez
Dec 09, 2022
1 min read

Does your organisation develop applications and systems using security best practice (for example, by following the OWASP secure coding practices)?

There are a number of strands to the Secure Development Methodology within Commonplace:

  1. Secure Development Policy: This sets out the areas of consideration to ensure development is in line with security requirements. This Includes: Risk assessments for development process, controls for outsourced development, security relating to public networks, testing of security requirements, source code repository controls, change control, required security training.

  2. Secure Development Principles: We operate in accordance with a base set of principles to ensure good practice. These are broken into 2 areas.

    1. General approach: This includes matters such as code peer reviews, shared responsibility for security, keeping up to date with latest practices, trends and technologies, close collaboration (daily standups, etc).

    2. Technical principles: This includes standardised handling of security features, use of automated testing for consistency, addressing security issues at the root level, continual investigation of tools to support vulnerability detection, architecture reviewed by senior engineers.