Supporting an integrated SaaS security framework
Our integrated security framework is designed to operate effectively at the speed that networks currently require. We embed technologies that provide a holistic view and are capable of taking action on threats. We believe in continuous risk assessment and in leveraging automation with governance rules specifically for the cloud. BMC’s security strategy includes the following layers:
- Governance
- Physical
- Perimeter
- Network
- Endpoint
- Application
- Data
Security is an integral part of our software development life cycle
We continuously adapt our security practices, tools, and techniques to embrace new technologies and protect against an evolving threat landscape. We conduct security design reviews and threat modeling workshops to identify potential issues during the architecture and design phases of product development, and we also conduct pre-release testing.
- “Shift-left” approach: Threat modeling, attack surface analysis, security architecture analysis, and other techniques are employed at early phases of application conception.
- Secure coding: Corporate-wide training for all developers, QA engineers, product managers, and architects includes mandatory training on the OWASP Top 10 Security Risks.
- Testing: During product development, static code analysis and library audits are performed daily. Before release, each product also goes through one or more penetration tests. Policies are in place to prevent the release of products with known high or critical vulnerabilities.