At Milestone, we continuously strive to develop and deliver secure products and services that adhere to ever-evolving security requirements and standards, as well as the high expectations of an increasingly digital world.
To ensure that we do, we’ve created the Security Development Lifecycle (SDL).
The SDL is built on well-established and proven principles that include Secure by Design, Secure by Default and Secure in Deployment.
In addition, the SDL describes the requirements and processes that must be followed during the design and development of all our products and services.
These cover the areas of Security Development Lifecycle foundation, Secure Implementation, Security Verification & Validation, and Security Management & Governance.
You can see an overview here:
Milestone ensures that we integrate security considerations into every stage of our software development.
By prioritizing key principles such as least privilege, input validation, secure coding practices, threat modelling and threat assessment, we aim to prevent security vulnerabilities and weaknesses from being introduced into our products and services in the first place.
Secure architecture is another element of the secure by design principle. It focuses on the defense-in-depth strategy, where access to the product or service and the data being processed are protected through multiple independent security layers.
These include authentication, server-side access authorization, secure communication, secure data storage, data integrity validation, network segmentation, redundancy and high availability.
Defense in depth can be illustrated by the Swiss Cheese Model, where each slice of cheese represents a security layer that contains unknown vulnerabilities that may be exploitable. With multiple security layers, it is unlikely that the vulnerabilities in every layer will line up to allow a hacker to gain access.
Milestone products and services are developed following the secure by default principle, ensuring they deliver maximum security out-of-the-box.
The principle covers secure default configurations, strict adherence to the least privilege principle, robust authentication, server-side authorization, encrypted communication, secure and encrypted data storage, as well as adherence to the fail-securely principle.
Milestone’s commitment to cybersecurity goes beyond the development phase. We aim to ensure that by using our detailed documentation and guides you can securely deploy, maintain and use our products and services in your organization.
Furthermore, as a recognized Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), Milestone is dedicated to transparency by identifying and publishing vulnerabilities and delivering timely security patches.
You can read more about how we do vulnerability management here. You can also see our detailed Vulnerability Management Policy and Security Development Lifecycle (SDL).