Design
Product security starts at an early stage. F5 Product Development does threat modelling before writing a single line of code. New features are evaluated for system vulnerabilities by architects.
A vulnerability that may be fixed in one hour during the design phase may need ten hours during the coding phase and one thousand hours after the product is out. During the examination of a threat model, issues such as defining and evaluating security boundaries, limiting the risk surface, and best practices for developing and conducting security-related activities are discussed.
Construction
Following the completion of design, coding begins. The whole F5 development team has received extensive training in the process of building safe code. When it comes to software and network attacks, however, even the tiniest error might have enormous consequences. F5 engineers conduct regular code reviews with the security team and also employ static code analysis techniques to uncover common issues. Standardization and recommended practices aid developers in avoiding typical security issues.
Test
Security testing is time- and labor-intensive, and a massive endeavour for any firm. At F5, security and development teams work to guarantee that each piece of software published to the market has a high degree of security.
Vulnerability Response
There are still security holes that can be exploited despite the use of threat models, secure coding practices, extensive education and testing. In production, every second counts when dealing with a security hole. In order to adapt to changing customer needs and best practices, F5 regularly revises its vulnerability response policy. F5 keeps tabs on vulnerabilities and issues reports on them at least once a week to guarantee proper prioritisation and prompt response to security incidents, whether they are discovered internally, through third-party testing, or reported by a customer.
F5 is able to responsibly disclose vulnerabilities, mitigate them, and provide patches and protection against exploits because of its close collaboration with security researchers and other professionals, including those from the National Vulnerability Database, MITRE CVE, CERT Coordination Center, Red Hat, OpenSSL, and the Internet Systems Consortium (ISC). To ensure that the most up-to-date security information is readily available, F5 has released over 350 Security Advisories in the past year. These advisories cover a wide range of topics, from articles on protecting against malware and DDoS attacks to those on educating readers about newly discovered threats (such as script injections and Trojans).
Reference:
F5 (2016). Secure Coding life cycle. Available at: https://www.f5.com (Accessed: 6 December 2022)