Secure Software Development Lifecycle

We perform routine security scans to validate that our security posture remains aligned with Viewpoint’s Secure Software Development Life Cycle (SSDLC).

If deviations are detected, Viewpoint follows a policy of risk assessment, prioritisation, and remediation based on established Common Vulnerability Scoring System (CVSS) ratings.

More specifically, for many products we have significant numbers of automated tests and security scans that are executed as part of our continuous integration and deployment pipelines:

  • Vulnerability Scanning
  • Third Party Component Analysis
  • Intrusion Detection and Antivirus
  • Static Source Code Analysis
  • Dynamic Code Analysis
  • 3rd Party Application Penetration Testing
  • 3rd Party Application Architecture Analysis

Secure architecture, configuration management and the patching of known vulnerabilities are the keys to data security hygiene. Changes to code, database and infrastructure configurations that may affect customers are subject to a documented change management process involving risk analysis, testing and verification prior to installation on production systems.