MarkLogic
Secure Software Development Lifecycle Practices
Pages: 3
Time to read: 4 mins
Language: English
This document is a guide to the Secure Software Development Lifecycle (SSDLC) practices at Progress Software, the vendor of MarkLogic. It sets out the company's commitment to integrating security throughout the software development process, treating security as a fundamental component of engineering rather than an afterthought. The guide describes the adoption of the OWASP Software Assurance Maturity Model (SAMM) as the framework for assessing and improving software security. Its key principles are proactive security integration, continuous improvement, comprehensive training, risk management, and transparency and accountability. The document explains how SAMM is used to assess current practices, define strategic roadmaps, and implement security activities at successive maturity levels. It also covers the tooling applied in the lifecycle: Static Application Security Testing (SAST) of source code, Dynamic Application Security Testing (DAST) of the running application, and Software Composition Analysis (SCA) of third-party dependencies, which together help identify vulnerabilities early in the development cycle. Finally, the guide emphasizes Secure by Design principles and robust vulnerability management to protect the software from threats.