We have specially developed this section to explain the security measures taken to make our development environment secure. Security Threats section explains which security threats have been taken into consideration. Development environment section explains the infrastructure of Application Development Management (ADM) team and security implemented in network infrastructure to protect all the software assets of the firm from external and internal security threats. Our development process is purified to protect the development source code, so that no one from development team could extract or use the software assets for his/her personal use. Source Controls and Deployment Processes of Development Lifecycle are explained in this section.
Security Threats
While designing to mitigate all the external and internal security threats, following threats have been taken into consideration:
External Threats
Threat Type |
Threat Description |
Virus Infection |
Virus infection can damage critical files |
Spoofing |
Forging email messages can acquire authentication in network |
Tempering |
Changing data in files during transmission |
Repudiation |
Hackers deleting critical files from network |
Information Disclosure |
Critical information or files are disclosed |
Internal Threats
Threat Type |
Threat Description |
Repudiation |
Deleting critical files from network |
Information Disclosure |
All information and files are exposed to every one in network and they can take the contents outside network |
Elevation of Privileges |
All the users have full rights on source code and documents |
Development Environment
Following safeguards are taken to protect development infrastructure from all security threats:
Development Network
Development network is isolated from our corporate and Research and development network. Our network diagram explains current infrastructure:
Development Terminals
All the development terminals are protected by removing all the devices or media from where the contents can be either included or extracted from network.
 |
No Floppy Drives |
|
No USB Drives |
|
No CD/DVD Drives |
|
No Internet Access (protecting from all external threats) |
* For learning new technologies and consulting internet for troubleshooting, research and development network is used.
Development Process| Source Control Process | |
|
We use Microsoft Visual Source Safe (VSS) to manage all the project code and documents centrally on a Dedicated Server for Source Control. MS VSS is rated as one of the best practices for software source protection in the security market. |
|
Configuration Manager manages and tracks all the changes in Source Code and project deliverables |
|
If ADM team needs to upload or send software builds (or project code) to the Clients then a formal request is generated to Configuration Manager to make specific files available on other media |
|
Configuration Manager extracts files from VSS and provides them on required media (Such as CD or DVD) to Authenticated User, who then provides the contents to Client |
Deployment Process |
|
|
In deployment process either we physically deploy the developed software on-site or we host the software remotely if the project type is web based. |
|
For on-site deployment Configuration Manager provides the Software and related documents on CD or DVD to authorized employee of Deployment Team. |
|
For Remote Deployment such as Hosting a Website or Web Application, all the Website Contents or Software Builds are retrieved from Source Control Process and Deployment Team to upload the Contents or Software Build Hosted Server. |
Source Control Process |
|
|
We use Microsoft Visual Source Safe (VSS) to manage all the project code and documents centrally on a Dedicated Server for Source Control. MS VSS is rated as one of the best practices for software source protection in the market of security. |
|
Configuration Manager manages and tracks all the changes in Source Code and project deliverables |
|
If ADM team needs to upload or send software builds (or project code) to the Clients then a formal request is generated to Configuration Manager to make specific files available on other media |
|
Configuration Manager extracts files from VSS and provides them on required media (Such as CD or DVD) to Authenticated User, who then provides the contents to Client |
