The best practices used by ITL in developing secure software

Our software security strategy is:

  • managed – includes targeted and coordinated activities
  • integrated – part of software development processes and methodologies
  • evolving – based on modern knowledge
  • responsible – ensures that risks are regularly explained to customers

More specifically, from the point of view of the development company, this means that:

  • We consider that the secure development of software requires separate management.
    • Each software project has a security-focused role that ensures that good security practices are followed and that the implementation is consistent throughout the project.
    • We have a person responsible for security as a separate competency who ensures an adequate level of security knowledge for the organisation.
  • We integrate security measures into our processes.
    • We recognise that a one-time audit or penetration test will not produce a consistent result over time, and security will need to be re-validated in the event of system changes and on a regular basis to mitigate the risk of supply chain attacks.
    • We automate software security by implementing automated testing, code analysers, and other widely used tools in software construction processes (CI).
    • We know that one of the biggest security risks is functionality that is not really needed. We avoid creating unnecessary complexity and using complex technology or unreasonable tools.
  • We follow the guidelines and best practices for the secure development and use of the programming languages, frameworks, and environments that we use, and we continually improve our skills.
    • We ensure that all our employees receive regular security training appropriate to their role and responsibilities.
    • We use modern technologies that continue to evolve.
    • We keep abreast of trends and risks in the field of cybersecurity and adjust our systems, processes, and methodologies accordingly.
  • We explain security-related aspects to the customer and do not expect them to worry about such issues themselves.
    • We recommend that the customer abandon risky functionalities that threaten security and help them find alternative solutions.
    • We clearly and unambiguously communicate to customers the significant risks associated with software solutions and their possible consequences.
    • We respond immediately to major incidents. We inform both the client and CERT-EE.