A Proactive Strategy for Security Management at WSO2

Tharindu Edirisinghe, Senior Software Engineer, WSO2 Platform Security Team

Upload: wso2-inc

Post on 06-Jan-2017

Page 1: A Proactive Strategy for Security Management at WSO2

A Proactive Strategy for Security Management at WSO2

Tharindu Edirisinghe, Senior Software Engineer

WSO2 Platform Security Team

Agenda

● How security is integrated into the software development life cycle of WSO2

● Security integration in the automated software build processes

● The mandatory security checks performed before releasing products

● The security vulnerability reporting process of WSO2

● How the WSO2 security team collaborates with other parties

● The security patch release strategy

● How you can become a contributor

Security in Software Development Life Cycle

Team Collaboration and Governance

Security in 3rd Party Dependencies

Security Best Practices in Development Phase

Security in Testing Phase

Automated Security Scans in Build Process

Security Checks Before Releasing Products

Reporting a Security Vulnerability

Security Patch Release Strategy

Monthly Security Bulletin - Customer Announcement

Security Advisory - Example

Security Advisory - Example (contd.)

Security Patch Release - Public Announcement

http://wso2.com/security-patch-releases/

Security Advisories - Public

https://docs.wso2.com/display/Security/Security+Advisories

Acknowledgements

https://docs.wso2.com/display/Security/Acknowledgments

Awareness on Security

Questions?

Thank You!