This is Brightcove's official guidelines for our Secure Software Development Lifecycle (SSDLC). These documents help engineers, project managers, and product managers ensure their applications are coded in a secure manner conducive to protecting our customers' data.
This suite of documents is forked from the SSDLC process used by UnityTech ( https://github.com/UnityTech/unity-ssdlc ) and updated accordingly with Brightcove's policies.
Maintenance of these documents is performed by the Brightcove Security Engineering team.
This repository is intentionally left public in order to provide transparency into our Application Security program for current and prospective customers. Additionally, it helps serve as a reference for the Brightcove Business Security team during security assessments customers perform on Brightcove. Maintainers should keep also this fact in mind when adding any additional details.
Several SSDLC-related references that this guide uses are included below:
- OWASP Top 10
- OWASP Application-Security Verification Standard
- OWASP Software Assurance Maturity Model
- NIST Cybersecurity Framework [PDF]
SSDLC starts at Overview
License found in: LICENSE.md