Milestone’s secure development process 

At Milestone, we continuously strive to develop and deliver secure products and services that adhere to ever-evolving security requirements and standards, as well as the high expectations of an increasingly digital world.  

To ensure that we do, we’ve created the Security Development Lifecycle (SDL). 

The Security Development Lifecycle

The SDL is built on well-established and proven principles that include Secure by Design, Secure by Default and Secure in Deployment. 

In addition, the SDL describes the requirements and processes that must be followed during the design and development of all our products and services.  
 
These cover the areas of Security Development Lifecycle foundation, Secure Implementation, Security Verification & Validation, and Security Management & Governance.  

You can see an overview here: 

Secure by design

Milestone ensures that we integrate security considerations into every stage of our software development.  

By prioritizing key principles such as least privilege, input validation, secure coding practices, threat modelling and threat assessment, we aim to prevent security vulnerabilities and weaknesses from being introduced into our products and services in the first place. 

Secure architecture is another element of the secure by design principle. It focuses on the defense-in-depth strategy, where access to the product or service and the data being processed are protected through multiple independent security layers. 

These include authentication, server-side access authorization, secure communication, secure data storage, data integrity validation, network segmentation, redundancy and high availability.

Defense in depth can be illustrated by the Swiss Cheese Model, where each slice of cheese represents a security layer that contains unknown vulnerabilities that may be exploitable. With multiple security layers, it is unlikely that the vulnerabilities in every layer will line up to allow a hacker to gain access.

Secure by default

Milestone products and services are developed following the secure by default principle, ensuring they deliver maximum security out-of-the-box. 

The principle covers secure default configurations, strict adherence to the least privilege principle, robust authentication, server-side authorization, encrypted communication, secure and encrypted data storage, as well as adherence to the fail-securely principle. 

Secure in deployment

Milestone’s commitment to cybersecurity goes beyond the development phase. We aim to ensure that, by using our detailed documentation and guides, you can securely deploy, maintain and use our products and services in your organization.

Furthermore, as a recognized Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), Milestone is dedicated to transparency by identifying and publishing vulnerabilities and delivering timely security patches. 

Learn more

You can read more about how we do vulnerability management here. You can also see our detailed Vulnerability Management Policy and Security Development Lifecycle (SDL).
