Source Code Management
Governance
Scope
Source code taxonomy/metadata
e.g. source code ownership
Scope comprehensiveness/accuracy
Strategy/Plan/End Goal for source code management
Exists? Reviewed? Updated?
Is there a formal plan to achieve it?
Monitoring and reporting source code management
KPI definitions
tracking
RACI formalized
Compliance
Process formalized
Create
Update
Terminate
Source Code Protection
Confidentiality
Technical Access Control
Network access control
On premises
Remote
Public access
Authentication mechanisms
Asset/Information classification
Logical access control
LDAP connection
Access control matrix
Discretionary? Role-based? Project-based?
Password policy
Data leak prevention
Technical configuration of GitHub
Base permissions set to none
Availability
Business Continuity
Archiving
Termination
Storage
In-house
Off-premises
Integrity
Change control
In-house
Outsourced
Third-party libraries
Unvetted libraries
Completeness of source code?
Config files? / Scripts?
Risk assessment performed
Source Code Vulnerabilities
Process to Identify
Tool
Profile / standards / threshold
Prevent
Build check controls
React/Correct
Vulnerability management
Monitor
IS THE SOURCE CODE WE DEVELOP SECURE? ARE WE DOING ANYTHING ABOUT IT?
DO WE HAVE THE ADEQUATE GOVERNANCE TO MANAGE OUR SOURCE CODE?
DO WE ADEQUATELY PROTECT OUR SOURCE CODE?