Akraino Release SDL Requirements Matrix

Release Tags:

tc:approved-release

stable:follows-policy

assert:supports-upgrade

assert:supports-accessible-upgrade

assert:supports-rolling-upgrade

assert:follows-standard-deprecation

A numbered release tag has three fields, for example 0.1.1. The first field changes for big changes and uses even numbers for stable releases and odd numbers for development releases. The second field changes for small updates and follows the same rule: even numbers for stable releases, odd numbers for development releases. The third field is a non-negative number that identifies each patch version.

 

| Phases | Requirements | Release 1 Feature Project | Release 1 Integration Project |
|---|---|---|---|
| Requirements | Determine if the project is subject to SDL policy | X | X |
| | Identify security advisor and security champion | X | |
| | Define security bug bar | X | X |
| | Bug tracking tool must have Security Bug Effect field and Security Bug Cause field | X | |
| | Security and privacy risk assessment | X | |
| | Write Security plan document | | |
| Design | Security design review | X | |
| | Threat modeling | X | X |
| | Follow cryptographic requirements | X | X |
| | Write security architecture document | | |
| | Minimize default attack surface | | |
| | Enable least privilege | X | X |
| | Default secure | X | X |
| | Consider a defense-in-depth approach | | |
| | Examine past vulnerabilities in previous version of the project | | |
| | Deprecate outdated functionality | | |
| | Conduct a security review of source code | | |
| | Ensure appropriate logging | X | X |
| | Hardware security design review | | |
| | Enforce strong log-out and session management | | |
| | Follow NEAT security user experience guidance | | |
| | Improve security-related prompts | | |
| Implementation | Establish and follow best practices | X | X |
| | Run static analysis tool | X | X |
| Validation | Dynamic analysis | X | |
| | Fuzz testing (File parsing, RPC, network) | X | X |
| | Kernel-mode driver test | X | X |
| | Risk and attack surface review | | |
| | Cross-site scripting testing | X | X |
| | Penetration test | | |
| | Binary analysis | | |
| | Vulnerability regression test | | |
| | Data flow test | | |
| | Reply test | | |
| | Input validation test (Symbolic Execution) | | |
| | Privacy Model Checking (Information Flow Self-Composite Verification) | | |
| | Secure code review | | |
| | Security push | | |
| Release | Incident and response plan | X | X |
| | Review and update the privacy companion form | X | X |
| | Complete the privacy disclosure | X | X |
| | Final security and privacy review | X | |
| | Patch deployment tools | X | X |
| | Release note with security disclosure | X | X |