Scenario
You are working as a developer for a software company called Green Pace. It is an engineering company that specializes in custom software design and development for environmentally responsible entrepreneurs worldwide. At Green Pace, the security mission is defense in depth. To ensure that all applications comply with the same security policies, you have been tasked with documenting, categorizing, and providing examples of coding and architectural vulnerabilities. Green Pace wants to maximize automation to ensure compliance and keep costs down. Essentially, the company is moving its DevOps practice to DevSecOps to make it more secure, and it wants to be well prepared for the security audit. The image below shows how, in DevSecOps, security is a separate and equally weighted function supporting development, operations, and application delivery. To complete this project, you need to understand potential vulnerabilities and weaknesses in code, and coding best practices. You will also need to understand how to develop secure code that counteracts those threats.
An auditor will be performing a policy compliance audit to ensure the DevSecOps teams can implement automation, best practices, and continuous testing. You have been tasked with preparing the Green Pace security policy for the auditor. Using what you know about Green Pace practices, you will take the implicit best practices and standardize them in a new security policy. In addition, you will use principles, best practices, and industry standards to support the overarching Triple-A security framework, which uses defense in depth as its foundation. Once this is complete, you will be prepared to make recommendations on implementation and on how to maintain and update the policy in the future. The image below shows the developers' security pipeline. You will use this diagram to illustrate where and how automation fits into the development process.
You have been tasked with standardizing security vulnerabilities in code and policy in systems architecture. Specifically, you will open the security policy template and use the instructions outlined below to complete the coding standards based on SEI CERT. The completed security policy will be used to ensure compliance in DevSecOps as part of your defense-in-depth strategy and Triple-A framework.
Coding Standards: This section of the security policy is used to recognize coding vulnerabilities, create standards, and ensure policy compliance for coding within your organization. You will use the same security policy template you used in the Module Three milestone and complete each standard's template by adding principles, threat level, and tools. At the completion of this project, you will have a finished security policy. Your security policy should have 10 standards. Several of the vulnerabilities listed may require more than one standard.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| STD-001-CPP | High | Unlikely | Medium | High | 2 |

| Policy Name | Explain what it is and how and why the policy applies. |
| --- | --- |
| Encryption at rest | |
To complete this project, you must submit the following:
Security Policy for Green Pace
Use the template provided and submit one comprehensive guide.
The following resource(s) may help support your work on the project:
Template: Security Policy Template
Complete and submit this template for Project One.
Website: SonarSource Code Analyzers Rules Explorer
You may use this resource to help locate and justify automation in the DevSecOps pipeline.
Website: STR53-CPP Range Check Element Access
Use this resource to collect the information needed to complete your standards.
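The STR53-CPP rule named above (range check element access), shown as an added C++ example that is not part of the assignment or of the SEI CERT page. The function names and the sample string are constructed for illustration. It places the noncompliant `operator[]` access beside the compliant `std::string::at()` form and a non-throwing range-checked alternative, which is the kind of before/after pair each coding standard in the policy should carry.

```cpp
// Added example for STR53-CPP (range check element access).
// Not part of the Green Pace template; names are hypothetical.
#include <cstddef>
#include <stdexcept>
#include <string>

// Noncompliant: operator[] performs no bounds check. An index >= size()
// is undefined behaviour (reads past the buffer); STR53-CPP forbids this
// wherever the index is not already proven in range.
char unchecked_char(const std::string& s, std::size_t i) {
    return s[i];
}

// Compliant: at() throws std::out_of_range instead of touching memory
// beyond the string.
char checked_char(const std::string& s, std::size_t i) {
    return s.at(i);
}

// Compliant alternative when exceptions are unwanted: check explicitly and
// return -1 as the failure value, otherwise the character as unsigned.
int char_at_or(const std::string& s, std::size_t i) {
    if (i >= s.size()) {
        return -1;
    }
    return static_cast<unsigned char>(s[i]);
}

// Returns true when at() rejects index i, i.e. the range check caught an
// out-of-bounds access that operator[] would have silently performed.
bool access_rejected(const std::string& s, std::size_t i) {
    try {
        (void)s.at(i);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    const std::string sample = "greenpace";   // constructed sample input
    // In range: all forms agree. Out of range: at() throws, char_at_or
    // reports -1, and operator[] is never called with such an index here.
    bool ok = checked_char(sample, 0) == 'g'
           && unchecked_char(sample, 0) == 'g'
           && char_at_or(sample, sample.size()) == -1
           && access_rejected(sample, sample.size())
           && !access_rejected(sample, sample.size() - 1);
    return ok ? 0 : 1;
}
```

Static analyzers such as the SonarSource rules referenced above flag unchecked `operator[]` use; wiring that check into the pipeline is the automation point for this standard.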