PW — Produce Well-Secured Software
24 practices in the Produce Well-Secured Software group
PW.1 Design Software to Meet Security Requirements and Mitigate Risks
PW.1.1 Use Risk Modeling to Assess Security Risk
PW.1.2 Track Security Requirements, Risks, and Design Decisions
PW.1.3 Use Standardized Security Features and Services
PW.2 Review the Software Design to Verify Compliance with Security Requirements
PW.2.1 Conduct Independent Security Design Review
PW.4 Reuse Existing Well-Secured Software
PW.4.1 Acquire and Maintain Well-Secured Third-Party Components
PW.4.2 Create and Maintain Well-Secured In-House Components
PW.4.4 Verify Third-Party Component Compliance
PW.5 Create Source Code by Adhering to Secure Coding Practices
PW.5.1 Follow Secure Coding Practices
PW.6 Configure the Compilation, Interpreter, and Build Processes
PW.6.1 Use Security-Enhancing Compiler and Build Features
PW.6.2 Configure Compiler and Build Tool Security Features
PW.7 Review and Analyze Human-Readable Code
PW.7.1 Determine Code Review and Analysis Methods
PW.7.2 Perform Code Review and Analysis
PW.8 Test Executable Code
PW.8.1 Determine Executable Code Testing Methods
PW.8.2 Scope and Perform Executable Code Testing
PW.9 Configure Software to Have Secure Settings by Default
PW.9.1 Define a Secure Baseline Configuration
PW.9.2 Implement and Document Default Settings