Cloud Software Group
Cloud Software Group Secure Development Lifecycle
Pages: 5
Time to read: 5 mins
Language: English
This document is a guide detailing the Secure Development Lifecycle (SDL) implemented by Cloud Software Group. It outlines the responsibilities of the Product Security team in ensuring the security of all products and services. The SDL process is integrated throughout the development lifecycle, beginning with security training for engineers that covers various aspects of security, including threat modeling and secure coding practices. The guide describes the planning and requirements gathering phase, where security risks are evaluated for new features. It further details threat modeling activities aimed at identifying potential threats and vulnerabilities early in the development process. The document also discusses code review practices, including manual and assisted reviews using Static Application Security Testing tools. Additionally, it covers supply chain security, security testing methodologies, and the importance of third-party penetration testing. The guide concludes with the Product Security Incident Response Program, which addresses vulnerabilities and incident responses, ensuring ongoing security improvements.