Solved

What are the security measures for the FME SDLC "Software Development LifeCycle"?

  • 19 November 2020
  • 3 replies
  • 8 views

We are in the process of upgrading FME 2015 to 2020. Because of all the security regulations, our cybersecurity team is blocking this from happening without getting answers to the following questions, so we would appreciate it if you could help us with this.

  • What types of applications are being coded and in what languages?
  • What training has been provided or completed in secure application development by the development team?
  • What is the Software Development LifeCycle, and how does security form a part of this?
  • Do the applications take inputs or variables? If yes, how are they sanitised?
  • Are whitelists being used in place of blacklisted characters?
  • Are automated tools used to scan for vulnerabilities, and what is the time frame for high and critical vulnerabilities to be remediated?
  • Where will the code repository sit?
  • How are error exceptions handled?
  • What network separation is there between Dev/QA/Prod, and who reviews the code?

Best answer by andreaatsafe 19 November 2020, 23:33


3 replies


Hi @m.hussien,

Safe Software is ISO 27001:2013 certified for the management of information security for the protection of company and customer information.

As part of our Product Support & Patch Policy, all betas and Current Releases of FME will have security patches available for download. We recommend that all users stay on the Current Release of FME. It is up to the user to download & install security patches. See Safe Software’s Support Policy on Versions on this page: https://www.safe.com/support/product-support-policy/

For more detailed information about our release process and versioning, please see this article. Should you have additional questions, I would recommend contacting your account manager or FME Partner. If you don't have a contact, please reach out to info@safe.com and we’ll be happy to assist.

-Andrea

Thanks @andreaatsafe for your fast response. The moment IT knew Safe is ISO 27001:2013 certified, they agreed straight away to proceed with the upgrade.

  • All applications must be coded in secure languages, and developers must undergo training in secure application development.
  • Security must be considered throughout the entire software development life cycle.
  • All inputs and variables must be sanitized before being used.
  • Whitelists must be used in place of blacklists.
  • All vulnerabilities must be remediated promptly.
  • The code repository must be securely stored.
  • All error exceptions must be handled securely.
  • There must be a clear separation between development, QA, and production networks.
  • A security team must review all code before it is deployed.

I think using computer vision development services might also be appropriate. I hope this helps!
