Security in Development: The IBM Secure Engineering Framework
An IBM Redguide publication
Published 17 December 2018
IBM Form #: REDP-4641-01
Authors: Warren Grunbok, Marie Cole
IBM® has long been recognized as a leading provider of hardware, software, and services that are of the highest quality, reliability, function, and integrity. IBM products and services are used around the world by people and organizations with mission-critical demands for high performance, high stress tolerance, high availability, and high security.
IBM's long-standing attention to security can be traced back to the Integrity Statement for IBM mainframe software, which was originally published in 1973:
IBM's long-term commitment to System Integrity is unique in the industry, and forms the basis of MVS (now IBM z/OS) industry leadership in system security. IBM MVS (now IBM z/OS) is designed to help you protect your system, data, transactions, and applications from accidental or malicious modification. This is one of the many reasons IBM 360 (now IBM Z) remains the industry's premier data server for mission-critical workloads.
This commitment continues to apply to IBM’s mainframe systems and is reiterated at the Server RACF General User's Guide web page.
The IT market has transformed over the past 40-plus years, and so have product development and information security practices. The IBM commitment to continuously improving product security remains a constant differentiator for the company.
In this IBM Redguide™ publication, we describe secure engineering practices for software products. We describe an end-to-end approach to product development and delivery in which security is considered.
IBM is producing this IBM Redguide publication in the hope that interested parties (clients, other IT companies, academics, and others) can find these practices to be a useful example of the type of security practices that are increasingly a must-have for developing products and applications that run in the world’s digital infrastructure. We also hope this publication can enrich our continued collaboration with others in the industry, standards bodies, government, and elsewhere, as we seek to learn and continuously refine our approach.
Table of contents
The IBM Redpaper publication includes the following topics:
- Common development process
- Governance of a common development process
- Product Lifecycle Management
- Secure Engineering Framework
- PSIRT response times
- Infrastructure compliance
- Continuous security improvement
- Supply chain security