Product

Controls that lead to deploying a secure product with minimal vulnerabilities, together with the required attestations and artifacts.

Practices

P

P.1 Develop security requirements

Define software security objectives and expectations that protect the service and the data at the core of the application.

P.2 Build security in

Use software development practices and processes that will lead to the development of secure software products.

P.3 Manage component and container choices

Software supply chain risk can be reduced by careful choice and handling of third-party components and containers.

P.4 Discover vulnerabilities

Use automated and manual vulnerability discovery techniques to identify previously undisclosed vulnerabilities in both in-house and third-party code, including AI models.

P.5 Manage vulnerable components and containers

Develop and implement a strategy for patching/upgrading components and containers to the latest secure version.