The New Zealand Transport Agency (NZTA) has open sourced a tool that can help organisations simplify the security assurance process, reduce spending on unnecessary third-party assessments and significantly cut product approval and delivery time.
Jointly developed by NZTA and Wellington company Catalyst, the Security Development Lifecycle Tool (SDLT) automates aspects of the security assurance process and embeds security requirements earlier in the product development lifecycle.
The tool handles information gathering, task creation, workflow management and business approvals. It can be used to deliver or procure proof-of-concept products and software-as-a-service (SaaS) applications, and to scope feature revisions or bug fixes.
Source code available on GitHub
According to NZTA’s GitHub repository: The SDLT is a digital questionnaire and task management system for walking technology deliverables through security assurance.
A user of the SDLT can answer a series of questions about their product deliverable. The SDLT will create and manage the necessary security assurance tasks (e.g. PCI-DSS compliance, penetration test, information classification). Once the user has completed the tasks, the SDLT will handle the approvals for the submission by having the security architects, the chief information security officer and the business owner approve it digitally.
Catalyst will install, host and support the SDLT for use by other organisations.
(Inputs: New Zealand Reseller News)