A multinational company developing connected devices wanted to improve its software development processes and practices so that security would be better integrated during product development. For the company's reputation, trust in the services and products it offers is a fundamental requirement for its business success.
The company was already using an agile software development model, yet its traditional security guidelines were disconnected from the development projects.
The project was launched to transform the current agile software development model to include end-to-end security practices (DevSecOps) and to build products with a secure software lifecycle, so that the company could successfully produce services and products that fulfil its security needs.
The improved framework shall extend the existing model and support the agile development process without introducing security gates that would block or slow down development.
The improved framework shall be suitable for both new products and the continuous development of released products.
The company also develops services and products with varying security requirements. The framework shall support identifying the assets to be protected and the associated risks, so that appropriate risk-based actions and mitigation methods can be chosen to build a security baseline for each service and product. This allows the development teams to focus on the most important security features and controls.
Fraktal integrated product security and DevSecOps practices into the existing software development model. To support implementation, Fraktal also helped define the roles and responsibilities needed to support the development teams in successfully implementing the improved framework. The framework is designed to support secure software development for both new products and maintained products throughout their lifecycle.
We delivered improvements to the client's existing threat modeling and risk analysis procedures.
The security and privacy requirements can now be tracked and prioritized as part of the normal requirements for a product.
We delivered a framework for continuously developing and maintaining the security of software products throughout their lifecycle.
We defined the product security organization with new roles to undertake secure SDLC activities.