SECURITY WHITEPAPER
Application Protection
DEVELOPMENT
Y Soft recognizes the importance of application security to its customers and is dedicated to bringing products to market that meet high security standards. To meet these standards, Y Soft has partnered with Security Innovation Inc, which has assessed the entire software development lifecycle (SDLC) and helped define security practices and activities for the development organization of YSoft SAFEQ Cloud.
We use OWASP (Open Web Application Security Project) guidelines for software design, vulnerability assessment and threat modelling. Possible security implications are identified and marked during the design phase, and the code is tested using static and dynamic code analysis tools. Features with security tags are tested by the QA team and released only if they pass.
Y Soft uses secure and mature coding languages for software development. The development teams also follow secure coding guidelines for specific languages. Software security is mandated by the Y Soft Software Development Security Standard.
The Y Soft Secure Software Development Life Cycle for YSoft SAFEQ Cloud has been reviewed and SD PAC certified by Security Innovation Inc.
SECURE SOFTWARE DEVELOPMENT LIFECYCLE PROCESS
Product security starts with design and development. We follow an agile product development process and the OWASP Software Assurance Maturity Model (SAMM).
Governance Strategy and Metrics
At Y Soft , there are two core business master-processes :
Policy and Compliance
Product Development
Y Soft is a technology company. Both founders are software engineers (by heart and by experience), and our original 100% indirect business model was a cautious decision that allowed us to focus more on engineering than on sales. As the company grows, the focus on marketing and sales is logically increasing, but with ~27% of employees in R&D, its heart remains technological.
That said, Product Development is one of our two most important companywide business processes.
Global Operational Excellence (GOE)
GOE is about how we quote, consult, sell, implement, and support the products we have developed using the process above. GOE (or, in general, product sales, delivery, and support) is our second companywide core process.
YSoft SAFEQ Cloud - YSOFT.COM