Software Security Initiative In-a-Box

Everything you need to launch your own software security initiative

If you’re working with software, it’s essential to have a Software Security Initiative (SSI). An SSI weaves together individual activities to prevent as many security defects as possible from making their way to production. It also helps improve your company’s ability to react appropriately when defects do make it to production. But how do you do this while still maintaining the appropriate level of compliance at an affordable price?

Build a foundation for your Software Security Program

Our software security experts work with you to:

  • Set up a brand-new software security initiative or evolve your current program.
  • Gain insight into your organization’s current software security capability.
  • Create a program that executive management will understand, engineering teams can embrace, and compliance officers will accept.
  • Make an immediate positive impact on your security posture.
  • Set the course for the ongoing improvement of your software security plan with standards, tools, and education.

Make an immediate impact on your security posture.

We provide all the tools you need

We’ll provide everything you need to accomplish your SSI goals including:

  1. Foundational strategy
    Our team works with you to create policies and documentation for risk-ranking your applications, classifying data, designing a secure Software Development Life Cycle (SDLC), and measuring development impact and governance. We’ll also work with you to build an 8-quarter roadmap and high-level resource plan to guide your ongoing work.
  2. Testing
    We’ll perform tests on critical applications and provide a report of our findings. All SSIBs include a time-boxed penetration test. We also do a Security Control Design Analysis (SCDA) with SSIB-Comprehensive.
  3. Development tools and support
    Your developers will receive 90-day trial licenses to SecureAssist™, an Integrated Development Environment (IDE) plugin that identifies coding errors directly at the point of development and coaches the developer through remediation of the error. We can also provide specific coding standards for Java, ASP.NET/C#, C/C++, Ruby on Rails, Java Web Services, HTML5/JavaScript, COBOL, and MEAN.
  4. Training
    Your team will receive 90-day trial access to the complete on-demand eLearning software security course catalog.

Get the SSIB level that is right for you

  • SSIB-Standard. This level bundles together governance documentation, engineering services, and technology to lay the foundation of an SSG for future development in a short period of time. We base our recommendations on interviews with key stakeholders.
  • SSIB-Comprehensive. This level is for organizations that have larger application portfolios (more than 50) and/or need to define and share a common understanding of their software risks across multiple business units, geographies, and/or development teams.

Every SSIB includes:

  • SSI charter & secure SDLC guide
  • Software security policy
  • 8-quarter roadmap
  • Pen test for one application
  • Secure coding standards
  • eLearning trial licenses
  • Codiscope SecureAssist trial licenses

SSIB-Comprehensive adds:

  • Application risk ranking policy
  • Project risk ranking policy
  • Data classification policy
  • Security Control Design Analysis