Defining Software Security as "TLS support" (previously, SSL) is far from enough - even farther from optimal. Yet, many organizations stop there.
At Hyland's R&D division, we have implemented meticulous processes throughout the entire lifecycle of OnBase development. Starting with focused training for developers and testers, our customized Secure Development Lifecycle accounts for all aspects of security. Here's a quick overview:
Before a design is even drafted, each team must consider any security requirements for the new feature. Beyond TLS's protections (which only fall under Integrity and Confidentiality), we consider all major facets of secure software:
- Authentication
- Integrity
- Non-Repudiation
- Confidentiality
- Availability
- Authorization
Each of these considerations is revisited as features are being designed. Through active threat modeling, all foreseeable threats to OnBase may be pre-emptively defined and mitigated using software security best practices and trusted frameworks.
This empowers our developers with comprehensive strategies for building OnBase as securely as possible from the ground up. Furthermore, this provides our testers with a wide range of attack scenarios which they can use to verify that our security controls have been properly implemented.
Beyond internal development and testing, OnBase is subject to various automated code analysis tools which assist both with code quality and security checks. Additionally, during every major release, Hyland Software employs external security testers who conduct comprehensive attack scenarios against OnBase so as to catch any few issues we may have missed.
With a dedicated Application Security team to guide R&D's security efforts and oversee the entire process, Hyland Software is striving to make OnBase as secure as possible with intuitive security modules for added protection and easily configurable options to fit your security requirements and decisions.
For more information, refer to the OnBase Security R&D Processes document.
