SECURITY WHITEPAPER
SECURITY WHITEPAPER
( Product ) Marketing
While we think that product development is about engineers , in fact it all starts with marketing . They are the ones , who :
identify customers ’ pains and problems ,
create business cases and calculate return on investment ,
tell the world , what have we done .
What good is a great technology if no one know about it ? What good is a great technology if it does not solve real problem ?
Education and Guidance
We continuously educate our engineering teams in terms of security . Regular Community of Practice ( CoP ) and Dedicated Security Coach role has been established for this matter .
Complete development process is documented in the key company document “ The Product Development Guidebook ,” overseen by the CEO of the company .
At Y Soft , we have standardized on LeSS and LeSS Huge frameworks , which are based on Scrum .
We also follow Agile principles .
Y Soft ’ s R & D operates in a manager-less structure , organized per-product . Product organizations are hierarchically flat , i . e ., all people within the product report to the Head of Product ( up to hundreds of employees reporting to one manager ).
Design Threat Assessment The Threat Assessment ( TA ) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment . From details about threats and likely attacks against each project , the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security . Additionally , decisions for risk acceptance are more informed , therefore better aligned to the business .
STRIDE modelling is a regular part of the development process for all product increments
YSoft SAFEQ Cloud - 18 - YSOFT . COM