a proactive strategy for security management at wso2

A Proactive Strategy for Security Management at WSO2

Tharindu EdirisingheSenior Software Engineer

WSO2 Platform Security Team

Agenda

● How security is integrated into the software development life cycle of WSO2

● Security integration in the automated software build processes

● The mandatory security checks performed before releasing products

● The security vulnerability reporting process of WSO2

● How the WSO2 security team collaborates with other parties

● The security patch release strategy

● How you can become a contributor

Security in Software Development Life Cycle

Team Collaboration and Governance

Security in 3rd Party Dependencies

Security in 3rd Party Dependencies Contd.

Security Best Practices in Development Phase

Security in Testing Phase

Automated Security Scans in Build Process

Security Checks Before Releasing Products

Reporting a Security Vulnerability

Security Patch Release Strategy

Monthly Security Bulletin - Customer Announcement

Security Advisory - Example

Security Advisory - Example

contd.

Security Patch Release - Public Announcement

http://wso2.com/security-patch-releases/

Security Advisories -

Public

https://docs.wso2.com/display/Security/Security+Advisories

Acknowledgements

https://docs.wso2.com/display/Security/Acknowledgments

Awareness on Security

How you can contribute ?

Questions?

Thank You!