PO.4.1: Define criteria for software security checks and track throughout the SDLC.
Example 1: Ensure that the criteria adequately indicate how effectively security risk is being managed.
Example 2: Define key performance indicators (KPIs), key risk indicators (KRIs), vulnerability severity scores, and other measures for software security.
Example 3: Add software security criteria to existing checks (e.g., the Definition of Done in agile SDLC methodologies).
Example 4: Review the artifacts generated as part of the software development workflow system to determine if they meet the criteria.
Example 5: Record security check approvals, rejections, and exception requests as part of the workflow and tracking system.
Example 6: Analyze collected data in the context of the security successes and failures of each development project, and use the results to improve the SDLC.
Description
Define criteria for software security checks and track throughout the SDLC.