Unity is sharing an open version of its internal Secure Software Development Life Cycle (SSDLC) so that others can benefit from our work. Even better, we’re inviting everyone to contribute to improving them so that we can refine standards for best practices together.
Unity’s security team documented its SSDLC for developers who work at Unity to ensure the quality of our codebase security. This content comes from a variety of sources and distills industry best practices and the combined experience of our security team.
This information is not exhaustive, complete, or perfect, but we’re publishing it anyway – Unity’s SSDLC is now public, with a broad open-source license.
By releasing this set of documents openly, we hope to contribute to the broader security community and help other teams that are in the process of defining and developing their own SSDLC.
We also see this as a rare opportunity to recognize the excellent work of our security engineers. Security engineering efforts often go unrecognized, with little to no credit for establishing the practices that become industry standards. Authorship and attribution are a core tenet of this documentation. If it’s adopted by other companies, we invite them to share it with their customers as well. Finally, it’s a chance for us to share some of the steps we take in securing our products with you, since we also want the creators and customers we serve to have the best advice possible to secure their hard work.
What’s in our SSDLC
Without digging deep into the fine details, this section breaks down the structure of our library. We’ve organized our articles into five broad categories: Coding Practice, Language Best Practices, Security Process, Tools and Automation, and Training.
Coding Practice captures common security best practices from a source code perspective. Here, you’ll find our recommendations to developers around API best practices, common web attacks, and secrets management.
The Language Best Practices section digs into security considerations specific to different programming languages, with recommendations for Node.js, Golang, C#, and Ruby. We’d love to see you help us expand this section – there are a lot of languages out there!
The Security Process articles are potentially the most important, if least technical, area. This section will help you to establish consistency in your program and provide a process to properly triage risk in your organization. Here we cover our bug bar and risk rating systems, security requirements, and design and implementation reviews.
We’ll be adding to the Tools and Automation and Training sections once the team has prepared some of Unity’s internal security tooling for this open-source release.
Want our SSDLC? You can have it.
We designed this SSDLC for you to use it as your own. That means you can clone or fork this repository, find and replace “Unity” with “WidgetCo.,” and share it with your developers. The measure of our success for this project is that you clone and reuse it.
This release is just the beginning. We want your feedback. Fork it and make it better (and let us know so that we can adopt your version to improve our own), but please be sure to respect the contribution guidelines and share your knowledge and experience with the community. We’re excited to see our best practices merge with the community’s into a cohesive framework.
Access Unity SSDLC
Translated from: https://blogs.unity3d.com/2019/12/04/democratizing-the-secure-software-development-life-cycle/