Software Development Lifecycle

Our QA team runs static code analysis on release builds and performs additional functional QA on the code in our lower environments. Once the code has cleanly passed all the tests, it is approved for production deployment. Additionally, we have a third-party auditor perform quarterly vulnerability and security testing against our framework. Results of the latest vulnerability and security test are available upon request. The software goes through our standard software development lifecycle (SDLC). Part of the SDLC involves peer review by a senior developer trained in the OWASP Top 10 vulnerabilities. The pipeline that builds and packages the product is restricted to the release engineer. The release build is committed to a repository that only the release engineer can modify. The live servers pull from that repository, thus restricting what can end up live.
