Strategie organizací v šesti bodech:
- 1. Conduct a software audit. An audit will uncover and help prioritize existing security vulnerabilities and code quality issues.
- 2. Implement a "stop the bleeding" plan. The plan, accomplished by deploying an extensible, rules-based "quality/security compiler," ensures that tactical issues are addressed and enforces proper coding practices in new development.
- 3. Perform a more detailed in-process audit. The in-depth audit looks for design and architecture weaknesses and correlates them with known security vulnerabilities. The findings are used to help plan a strategic road map.
- 4. Convert in-process audit findings into policy. The next step is to clean up "one-time fixes" and update a rules-based security compiler to include any new policy requirements.
- 5. Measure improvement. To gauge the initiative's success, it is imperative to monitor the trends and results from implementing the new processes and tools.
- 6. Manage iterations of improvements. This iterative process requires repeating Steps 3 through 5. The key is to streamline the change process based on priorities, starting with the highest priority weaknesses.
