At Dell Technologies, security and
resilience are everyone’s responsibility. Therefore, Dell provides security training to employees on job-specific security best practices and policies to create a security-aware culture across its entire employee community.
Dell has established a comprehensive security program, which endeavors to embed security throughout the product or application lifecycle so every product and application is built securely and remains secure. Dell’s security program includes analysis activities such as threat modeling, static code analysis and security testing to discover and address security defects throughout the development lifecycle.
Dell has also designed a baseline set of security capabilities to meet customers’ security objectives and compliance requirements. This includes an internal business readiness review process, including internal security assessments of a product or application to ensure compliance with Dell’s Secure Development Lifecycle (SDL).
Standardized Secure Development Lifecycle Program Dell’s Secure Development Lifecycle program is aligned with the principles outlined in ISO/IEC 27034 ‘Information technology, Security techniques, Application security.’ Dell also collaborates through many industry standard venues such as SAFECode, BSIMM, and IEEE Center for Secure Design to ensure we follow industry practices.
Additionally, many Dell employees are actively involved in organizations which focus on developing security standards and on defining industry-wide, security practices, including:
- Cloud Security Alliance (CSA)
- Distributed Management Task Force (DMTF)
- The Forum for Incident Response (FIRST)
- International Committee for Information Technology Standards (INCITS)
- International Organization for Standardization (ISO)
- Internet Engineering Task Force (IETF)
- The Open Group
- Organization for the Advancement of Structured Information Standards (OASIS)
- Software Assurance Forum for Excellence in Code (SAFECode)
- Storage Networking Industry Association (SNIA)
