IBM Security and Privacy by Design (SPbD@IBM) is a streamlined and agile set of focused security and privacy practices. These practices aim to reflect our commitment to improving security and privacy when designing generally available (GA) products and services from IBM. SPbD@IBM is influenced by the United States National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).
IBM performs both cyber and privacy threat assessments. We leverage standard industry threat model and privacy impact assessment concepts to help ensure data minimization and adequate data protections are in place from the beginning.
System, code and application security tests are performed, in addition to penetration tests and manual ethical hacks. The testing is integrated and automated into DevOps pipelines, supporting agile practices and continuous deployment.
Final product reviews of GA products, at both the individual-team and corporate level, are carried out prior to release to help ensure that key foundational security requirements have been, or will be, addressed to the satisfaction of IBM standards.