YALE-MSS-8.1: Follow an appropriate secure development methodology when writing software

Standards Group:
YALE-MSS-8: Application Development Security

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Not Required Moderate Risk Server Upcoming Required for IA High Risk Server Upcoming Required for IA Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Details and definitions

A secure development methodology highlights secure coding practices.

Such practices must be embedded in common software development lifecycle phases (e.g., design, development, testing, deployment, and maintenance).

Guidance

To implement this, consider the following guidance from Open Worldwide Application Security Project (OWASP):

https://devguide.owasp.org/en/05-implementation/01-documentation/01-proactive-controls/
https://owasp.org/www-project-top-ten/
https://owasp.org/www-project-integration-standards/writeups/owasp_in_sdlc/
https://owasp.org/www-project-application-security-verification-standard/

YALE-MSS-8.1: Follow an appropriate secure development methodology when writing software

Standards Group:YALE-MSS-8: Application Development Security

Details

Standards Group:
YALE-MSS-8: Application Development Security