DevSecOps

Embedding security into DevOps CI/CD pipelines with OWASP Testing Tools and NIST Source Code Security Analyzers, per the SANS State of Application Security.

Secure-by-design software engineering and maintenance:

continuous training, inventory analysis, monitoring of reusable code, SAST (Static Application Security Testing), SCA (Security Configuration Assessment), signing releases, DAST (Dynamic Application Security Testing), fuzz testing, automated bug tracking (creating remedy tasks), metrics gathering, run-time application self-protection and error detection.

Links:

CIS Cybersecurity Best Practices

FFIEC Cybersecurity Assessment Tool

OWASP Security by Design

NIST Risk Management Framework

ISO/IEC 27005:2011

ISACA COBIT 5

FreeBSD