Application Security Development Standard approved

June 25, 2020

Secure software applications are critically important to Yale’s mission and reputation. Since application security flaws can be introduced at any stage of the software development lifecycle, application security needs to start in planning and remain an ongoing and top priority.

The Application Security Development Standard, written by Darrell Cook, raises the visibility of application security and supports teams in developing apps that are more secure by finding, fixing, and enhancing the security measures of their applications. Various methods, tools, and testing must be a priority and need to be factored early in the design and development phases.

The standard, which is in support of the Simplify and Standardize Core Processes objective of the ITS balanced scorecard, establishes several important and critical application security development principles, a secure coding practices checklist, and a number of shared practices to employ. The standard was written following the Software Development Life Cycle (SDLC) process and incorporates a checklist format for those standards and best practices that need to be adhered to along the way. Additionally, security scanning tools are also referenced as well as many templates and example documents.

Please review the Application Security Development Standard, now available in the IT Architecture Standards Repository (may require login). The Enterprise Architecture Team always welcomes feedback. The IT Architecture Standards Repository also includes additional standards that will ensure that your services are secure, reliable, performant, and efficient while simultaneously reducing technical debt.