These are recommended best practices to start with when hardening your project and your coding and DevOps practices, and to help you make security a mindset and a habit. They do not replace a professional audit later on, but they do prepare you for one.
The TL;DR is that you should consider:
- Having a private security reporting channel with a designated handler, plus a public vulnerability disclosure policy that tells researchers how to reach it
- Following best practices for development, build pipelines, and deployment
- Keeping up to date on security practices and vulnerabilities (CVEs in your dependencies, required patches, etc.)
- Maintaining up-to-date knowledge bases that track security efforts, access privileges, and who holds them
- Creating internal processes for handling disclosures and security issues (triage, fix, release, and notify)
- Keeping milestones in mind for when you need to increase security efforts (e.g. harden further, get an audit, etc.)