Security and the Coding Process

DigitalPersona uses the following operational and process guidelines to ensure that coding of our applications meets security requirements.

Code Analysis Tools

The use of code analysis tools in Visual Studio Team Edition for Developers helps to ensure that possible security-related bugs are identified and resolved early in the coding process.

For every public release, static code analysis is performed using Veracode, and all flaws that it finds are analyzed and either fixed or mitigated.

Used in conjunction with security reviews, these automated tools efficiently detect common coding errors such as buffer overruns, uninitialized memory, null pointer dereferences, and memory and resource leaks.

Security Reviews

Regular security reviews are conducted during the development process with the intention of enhancing the security of current products and ensuring that no new products ship until they are as secure as possible.

The development of threat models, the use of security checklists, and prioritized code reviews emphasizing security concerns are all part of the process for ensuring a secure product.

Validation of All User Input

The first rule of user input is: All input is malicious until proven otherwise. All user input, both direct and indirect, is validated and sanitized before use.

All code used in validation is subject to intense scrutiny during code reviews.

Validation of Exported APIs

All parameters of exported application programming interfaces (APIs) are examined for validity and consistency.