- Ensure host and network security basics are in place
- Implement life cycle governance
- Review security features
- Use external penetration testers to find problems
- Identify personally identifiable information (PII) obligations
- Perform security feature review
- Create or interface with incident response
- Ensure QA performs edge/boundary value condition testing
- Integrate and deliver security features
- Identify software defects found in operations monitoring and feed them back to development
- Use automated tools along with manual review
- Feed results to the defect management and mitigation system
Source: https://www.bsimm.com/about.html