Software Policies, Procedures & Standards

Set the security bar for applications

In Foundstone’s experience, most security defects arise because developers and other stakeholders in the software development lifecycle have never been told what they must do and what they must not do. The most effective way to communicate this is through policies and procedures. However, having one without the other makes the end goal of more secure applications harder to achieve. As organizations integrate security into their software development lifecycle, it is important that they give development staff the knowledge they need to do their jobs.

Key Benefits

Appropriate policies, procedures, and standards allow an organization to set a security bar that all applications must achieve. This allows business analysts to define security requirements, designers and developers to adhere to these standards, testers to investigate violations, and deployment and maintenance engineers to ensure ongoing security compliance.


Foundstone approaches the delivery of these standards by first determining which ones are relevant to the organization. Foundstone consultants then work with your team to provide a draft of the content for review. Following this, Foundstone customizes the content and layout to adhere to your corporate standards. Finally, Foundstone delivers the finished product as a document or set of documents.

Our deliverables include some, or all, of the following:

  • Secure Application Development Policy
  • Secure Coding Standards
  • Secure Application Deployment Standards
  • Application Threat Modeling Methodology
  • Application Security Code Review Methodology
  • Application Security Quality Assurance Methodology
  • Application Portfolio Risk Assessment Methodology
  • Security Requirements Engineering Methodology
  • Security Knowledge Management Process Development
  • Tool Integration Process Development