Stellar Cyber Security Development Lifecycle

Stellar Cyber's Security Development Lifecycle (SDL) employs a standard set of best practices to maximize security and quality in a rapidly evolving threat landscape. The Stellar Cyber SDL emphasizes Agile principles, ensuring quick responses through rapid iterations.

The table below summarizes the best practices of Stellar Cyber's SDL:

Security Development Lifecycle Phases | Activities
--------------------------------------+-----------------------------------------------
Training                              | Provide regular standardized security development training to Stellar Cyber developers
Requirements                          | Define standard security requirements and best coding practices
                                      | Incorporate GDPR, HIPAA, and industry-standard compliance requirements into all product requirements for security and privacy
                                      | Define credential and data life cycles to ensure security and privacy
                                      | Create quality gates and bug bars
Design                                | Perform threat model analysis
                                      | Ensure attack surface minimization
                                      | Conduct architecture security review
Implementation                        | Perform code review
                                      | Apply third-party and open source software tracking
                                      | Implement proper cryptography standards
                                      | Discourage unsafe functions; use type-safe language in most implementations
Testing                               | Perform static analysis security testing
                                      | Perform vulnerability testing
Release                               | Conduct release gate checking on security
Monitoring                            | Standardize audit logs; log all critical actions
                                      | Monitor performance and abnormal issues
Response                              | Work with Customer Success team on incident responses

About Stellar Cyber's Best Practices

This section provides more information on each of Stellar Cyber's standard best practices for the security development lifecycle.

Best Practice – Training

Standardized training ensures that everyone in the Stellar Cyber development community is working from a common understanding of the security development lifecycle. This includes both the fundamentals of building security into our product and how our customers can use it to enhance their own security. From development to implementation, training keeps the Stellar Cyber community aligned on maintaining a secure environment.

Best Practice – Requirements

Security requirements extend from best coding practices to industry-standard compliance laws for privacy and security. Requirements are typically agreed upon at the start of the lifecycle and help form the foundation of our efforts, even as we strive to evolve them within a shifting threat landscape. Because we implement a strict set of requirements for privacy and data, our customers can rest assured that Stellar Cyber takes their data seriously. Similarly, standardized requirements for quality gates and bug bars ensure a well-built product.

Best Practice – Design

During the design phase, Stellar Cyber focuses on the critical task of self-assessment, performing threat model analysis to ensure minimization of the attack surface for our customers. Architecture security reviews take place during this phase and ensure that the entire development team is asking important questions about the development to come. Asking the right questions during this phase ensures that potential vulnerabilities are caught and eliminated before they become issues.

Best Practice – Implementation

The implementation phase is where the principles agreed upon during the design phase find their way into code. To make this as secure as possible, Stellar Cyber developers perform regular code reviews to verify that cryptography is applied consistently using specified libraries, that third-party components are thoroughly vetted and tracked, that only approved tools are used, and that any unsafe functions are identified and replaced with type-safe language.

Best Practice – Testing

Constant testing assures a secure product for our customers and takes multiple forms:

  • Static Analysis Security Testing takes place before source code is compiled and offers a scalable technique to review the security of code in a multi-developer environment. At Stellar Cyber, SAST is a standard part of the commit pipeline, helping reveal potential security flaws each time the product is built.

  • Vulnerability testing simulates the sorts of environments our product will face during regular usage. By simulating attacks on our product, we can help identify potential vulnerabilities resulting from implementation flaws, configuration problems, or deployment issues.

Best Practice – Release

At Stellar Cyber, nothing gets to the field before it has been thoroughly reviewed, tested, and approved according to our best practices. As part of this commitment, we conduct standard security checks as part of the release gate. It doesn't get to you until it gets by us.

Best Practice – Monitoring

Providing built-in monitoring of our products ensures that if problems do arise, we have the tools to investigate and address them. Standardized audit logs provide a rich forensic trail for understanding what's taking place in the product. Similarly, internal monitoring for performance issues and abnormalities helps you understand potential items of concern before they become problems.

Best Practice – Response

If problems do take place, we want to make sure we are learning from them. The response phase closes the loop between incidents reported to our Customer Success team and the response from the development team, ensuring not only a rapid response to the problem at hand, but also an integrated self-assessment of the factors that may have helped cause it in the first place. Were there any red flags we missed during design, implementation, or testing that could have prevented a problem? How can we use this incident to improve our processes?

Summary

At Stellar Cyber, we are committed to your operational security. The SDL is an evolving tool guiding all phases of development that ensures exactly that, both now and into the future.