Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Release Tags:

tc:approved-release

stable:follows-policy

assert:supports-upgrade

assert:supports-accessible-upgrade

assert:supports-rolling-upgrade

assert:follows-standard-deprecation

There are 3 fields in a numbered release tag: 0.1.1, where first follows even numbers for stable release, odd numbers for development release for big changes; second follows even numbers for stable release, odd numbers for development release for small updates; third field follows by non-negative numbers for each patch version. 


PhasesRequirements

Release 1

Feature Project

Release 1

Integration Project

RequirementsDetermine if the project is subject to SDL policyXX

Identify security advisor and security championX

Define security bug barX

Bug tracking tool must have Security Bug Effect field and Security Bug Cause fieldX

Security and privacy risk assessmentX

Write Security plan document

DesignSecurity design reviewX

Threat modelingX

Follow cryptograph requirementsXX

Write security architecture document


Minimize default attack surface


Enable least privilegeXX

Default secureXX

Consider a defense-in-depth approach


Examine past vulnerabilities in previous version of the project


Deprecate outdated functionality


Conduct a security review of source code


Ensure appropriate loggingXX

Hardware security design review


Enforce strong log-out and session management


Follow NEAT security user experience guidance


Improve security-related prompts

ImplementationEstablish and follow best practicesXX

Run static analysis toolXX
ValidationDynamic analysisX

Fuzz testing (File parsing, RPC, network)XX

Kernel-model driver testXX

Risk and attack surface review


Cross-site scripting testingXX

Penetration test


Binary analysis


Vulnerability regression test


Data flow test


Reply test


Input validation test (Symbolic Execution)


Privacy Model Checking (Information Flow Self-Composite Verification)


Secure code review


Security push

ReleaseIncident and response planXX

Review and update the privacy companion formXX

Complete the privacy disclosureXX

Final security and privacy reviewX

Patch deployment toolsXX

Release note with security disclosureXX
  • No labels