IBM Secure Engineering. Developing products and services with security in mind

IBM Secure Engineering Practices and Incident Response Portal

IBM Secure Engineering Practices

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated, or in misuse of your systems to attack others.

No IT system or product can be made completely secure and no single product or security measure can be completely effective in preventing improper access.

IBM is both a provider and a consumer of Commercial-off-the-Shelf (COTS) Information Technology hardware, software and services in the global marketplace.

As a consumer of Information Technology, IBM is aware of the need for security related development practices for products, solutions and services used in its Enterprise Computing environments. As a developer of Information Technology for the global marketplace, IBM works to understand and address common requirements for functionality, performance, scalability and security of IBM offerings.

Based on our experience, the key to delivering products and services that are designed to meet clients' high expectations is to focus product development execution in four critical areas: a Common Development Process; a Secure Engineering Framework; a Continuous Security Improvement model; and a Supply Chain Security process. This combination of process, framework, and model integrates with a broader set of externally facing processes referred to as global supply chain management.

IBM Secure Engineering Framework

The IBM Secure Engineering Framework reflects best practices from across the company and directs our development teams to give proper attention to security during the development lifecycle. These practices are intended to help enhance product security, protect IBM intellectual property and support the terms of warranty of IBM products.

Secure Engineering is an important element of the overall IBM security strategy. It is reflected in our internal initiative that works to address the dynamic nature of security in our development process. It is also reflected in our drive to meet the demand for high quality, high assurance business solutions, services and Information Technologies for our customers and our own operation.

IBM Secure Engineering Resources

Security Evaluations of IBM Products provides a list of IBM products evaluated under Common Criteria, US Government FIPS and other security programs


IBM X-Force operates a world-class Security Research team that studies and monitors the latest threat trends and advises organizations on how to respond to emerging and critical threats


IBM Secure Engineering Framework provides recommendations on policies, practices and controls to apply to the development lifecycle of computing software, systems and services


IBM Product Security Incident Response Team manages the receipt, investigation and internal coordination of security vulnerability information related to IBM offerings


IBM Participation in the Open Group Trusted Technology Forum and other consortiums helps support the adoption of best practices for secure technology engineering and procurement strategies to develop a more trustworthy global technology supply chain
