Unity AppSec Team 2019
Requirements Phase Offerings | Design Phase Offerings | Develop Phase Offerings | Test Phase Offerings | Deploy Phase Offerings |
---|---|---|---|---|
Security Requirements | Design Review & Threat Models | Static Analysis Tools, Secure Coding | Ask in Slack, Security Testing | Pentest in Product, Incident Response Support |
The goal of Unity's SSDLC is to provide product teams and developers with best practices for incorporating software security practices into their existing development process. The phases in the graphic above may not be formally implemented or recognized by your team, but they do generally represent how all software is developed, implicitly or explicitly. Following this model, you can determine which services the Unity Security team provides based on the phase of the development life cycle your product is currently in.
The SSDLC will continue to evolve, and include services from the broader Security teams; we'll soon be adding links to documents from our Program Management team, Infrastructure Security, SOC, Incident Response, and Application Security.
All feedback is welcome. Feel free to update or comment on the docs directly, or chat with the team on Slack or by email.
Our SSDLC is currently organized under the following topics:
Also, be sure to keep an eye out for on-site trainings, which will be announced (and archived) here -> Developer Security Trainings