Building and deploying a secure system is an iterative process involving the entire team responsible for the product, e.g. product owners, developers, auditors, security experts and IT operations.
As a product evolves new features are requested and added. We use a specific development model to ensure that we live up to industry standards regarding security and best software development practices.
New features and requests are formulated by the product owner as use cases. The use cases are then analyzed by software architects in cooperation with the product owner to ensure that the team has a clear and precise view of the upcoming feature; furthermore, any security considerations are considered. This could be permissions for accessing a new API endpoint, user rights for updating a new resource, etc.
Our development team has a background from the FinTech industry where security and software development practices are subject to very strict procedures. We have used those procedures and best practices in the development process of the DecideAct system.
During software development we use TDD, Test Driven Development. This is done to ensure that the software is properly tested and that no new features added to the system will result in regression issues.
During our entire development phase, we follow strict security objectives and perform code analysis in order to deliver the best possible codebase. We use static code analyzers in order to maintain code consistency, govern our coding conventions and to optimize performance and avoid possible security problems.