Delivering a comprehensive set of security features requires security to be prioritized at each stage of development. This process is called the Dell’s Secure Development Lifecycle (SDL), which defines security controls that Dell product teams adopt while developing new features and functionality. Dell collaborates through many industry standard venues such as SAFECode, Building Security In Maturity Model (BSIMM), and IEEE Center for Secure Design to ensure that industry practices are followed.
Figure 1. Secure development lifecycle
VxRail’s Product Development includes security that is integrated through the product life cycle. Our product features are designed with security in mind, with our concepts and designs analyzed to assess the potential security impact. During development, we perform threat modeling, code reviews, and scanning of third-party components. Prior to release, we scan the software to ensure that open vulnerabilities have been updated, malware is not present, and the data can be transmitted and received securely.
Dell has identified a baseline set of security capabilities to be implemented across its portfolio. These baseline security capabilities help Dell products to be easily integrated with customers’ security infrastructures and meet the customers’ security objectives and compliance requirements. Dell executives from the business, the Product & Application Security Office (PAS), and other key stakeholders participate in this review process. The process reviews many factors, including the results of an internal security assessment of the product. The SDL is part of a broader set of processes within the secure design standard. The secure design standard is the benchmark for building security into Dell products.
The standard relates to the security of all product functionality and describes mandatory security functionality, which must be built into any product that is delivered by Dell to customers. This standard enables Dell products to meet customers rigorous security requirements, including: