These are Brightcove's official guidelines for our Secure Software Development Lifecycle (SSDLC). The documents help engineers, project managers, and product managers ensure their applications are coded in a secure manner conducive to protecting our customers' data.
This suite of documents is forked from the SSDLC process used by UnityTech and updated in accordance with Brightcove's policies.
Maintenance of these documents is performed by the Brightcove Security Engineering team.
This repository is intentionally left public in order to provide transparency into our Application Security program for current and prospective customers. Additionally, it serves as a reference for the Brightcove Business Security team during security assessments customers perform on Brightcove. Maintainers should also keep this fact in mind when adding any additional details.
Several SSDLC-related references that this guide uses are included below:
- OWASP Top 10
- OWASP Application-Security Verification Standard
- OWASP Software Assurance Maturity Model
- NIST Cybersecurity Framework [PDF]
SSDLC starts at Overview
License found in: LICENSE.md
Copyright © 2021 Unity Technologies
THE INFORMATION PROVIDED HERE DOES NOT REPRESENT OR DESCRIBE ALL OF UNITY’S SSDLC PRACTICES, AND, AS SUCH, DOES NOT REPRESENT ALL PROCESSES EMPLOYED BY UNITY CONCERNING SOFTWARE SECURITY. THE INFORMATION PROVIDED IS AN EXAMPLE FRAMEWORK, BUT NO REPRESENTATIONS OR WARRANTIES ARE MADE OF IT AND NO GUARANTEES ARE PROVIDED CONCERNING ANY SPECIFIC RESULTS. INFORMATION IS PROVIDED “AS-IS” AND “AS AVAILABLE”. ANY USE OF THE INFORMATION PROVIDED IS AT YOUR OWN RISK AND LIABILITY. FURTHER, UNITY MAY CHANGE ANY INFORMATION PROVIDED HERE AT ANY TIME WITHOUT NOTICE TO YOU.
THE INFORMATION AS DOCUMENTED HERE IS SUBJECT TO COPYRIGHT AND OTHER INTELLECTUAL PROPERTY LAWS. PLEASE REVIEW THE LICENSE FILE TO FAMILIARISE YOURSELF WITH THE TERMS OF THE LICENSES PROVIDED BY UNITY.