Ongoing

Training

The development team process includes security requirements gathering, implementation, and verification steps before acceptance into production. Each development feature includes a security evaluation component. Where the feature can possibly impact security, then feature specific security documentation and testing is implemented.  This occurs in addition to regular release level security testing.

Developers periodically receive detailed coding and design training in application security through periodic meetings that focusing on product and process security. Topics include: industry vulnerabilities, security trends, development best practices, etc.