Secure Software Development
Developers create better and more secure software when they follow secure software development practices. UC’s Secure Software Development Standard defines the minimum requirements for these practices. The projects covered by this standard are sometimes called “custom,” “in-house” or “open-source” software applications.
Applications, regardless of where they are hosted or where they run, are often not secure by default and require specific steps to achieve a secure outcome. Full-featured and robust programming languages and development platforms can weaken cyber defense if implemented incorrectly. In fact, the risk is so common that, when a penetration test is done to assess a system’s cyber risk, the report usually contains a chapter on “exploiting application weaknesses.”
Attackers can use poorly constructed applications to compromise UC Institutional Information and/or IT Resources, or to make it possible to use UC IT Resources to do harm to others. The best time to start applying good security principles is before development, when requirements are created as part of an overall security architecture.
This standard supports UC’s information security policy, IS-3, and it applies to all Locations and all new software developed by or for the University of California as a network-accessible production application. For information about cybersecurity resources near you, visit Location Information Security Resources.