At Ingram Micro, we ensure high security of the software that we produce by doing the following as part of our Software Development Life Cycle (SDLC):
-
At each SDLC phase, there is a corresponding security-related activity:
SDLC phase What we do to ensure software security Pre-requirements Develop policies and conduct security trainings for development teams Requirements gathering Help development teams to gather and review security requirements Design Design reviews from the security point of view Development Security code reviews
Quality Assurance Per-feature penetration testing on test environments Deployment Configuration and whole system penetration testing
Post-deployment
Incident processing - We also follow the general security principles outlined by The Open Web Application Security Project (OWASP).