Security in Development: The IBM Secure Engineering Framework

An IBM Redguide publication

Published 18 March 2010


IBM Form #: REDP-4641-00
(24 pages)



Authors: Axel Buecker, Danny Allan, Tim Hahn, Andras Szakal, Jim Whitmore


IBM® has long been recognized as a leading provider of hardware, software, and services that are of the highest quality, reliability, function, and integrity. IBM products and services are used around the world by people and organizations with mission-critical demands for high performance, high stress tolerance, high availability, and high security.

This long-standing attention to security can be traced back at least to the Integrity Statement for IBM mainframe software, originally published in 1973:

"IBM’s long-term commitment to System Integrity is unique in the industry, and forms the basis of MVS (now z/OS®) industry leadership in system security. IBM MVS (now z/OS) is designed to help you protect your system, data, transactions, and applications from accidental or malicious modification. This is one of the many reasons IBM 360 (now System z®) remains the industry’s premier data server for mission-critical workloads."

This commitment continues to apply to IBM's mainframe systems.

The IT market has certainly transformed in 35-plus years, and so have product development and information security practices. The IBM commitment to continuously improving product security has remained a constant differentiator for the company.

In this IBM Redguide™ we describe secure engineering practices for software products. We offer a description of an end-to-end approach to product delivery in which security is taken into account at every stage. IBM is publishing this in the hope that interested parties, whether clients, other IT companies, academics, or others, will find these practices a useful example of the kind of security practices that are increasingly a must-have for developing products and applications that run in the world's digital infrastructure. We also hope this IBM Redguide can enrich our continued collaboration with others in the industry, standards bodies, government, and elsewhere, as we seek to learn and continuously refine our approach.

Table of contents

Executive overview
Common development process
Secure Engineering Framework
Continuous security improvement
Supply chain security
