SDL PROCESS: RELEASE

The focus of this phase is readying a project for public release, including planning ways to effectively perform post-release servicing tasks and address security or privacy vulnerabilities that may occur later.


  • Deliberately reviewing all security activities that were performed helps ensure software release readiness. The Final Security Review (FSR) usually includes examining threat models, tool outputs, and performance against the quality gates and bug bars defined during the Requirements Phase.

    The FSR results in one of three different outcomes: Passed FSR, Passed FSR with exceptions, or FSR with escalation.

    When should this practice be implemented?

    Traditional software development: Release Phase
    Agile development: Every Sprint


  • Certifying software prior to a release helps ensure security and privacy requirements were met. Archiving all pertinent data is essential for performing post-release servicing tasks and helps lower the long-term costs associated with sustained software engineering.

    Archiving should include all specifications, source code, binaries, private symbols, threat models, documentation, emergency response plans, and license and servicing terms for any third-party software.

    When should this practice be implemented?

    Traditional software development: Release Phase
    Agile development: Every Sprint
