3rd Party Assessment
Overview
A third-party development team may be a weak point in the organisation, resulting in a steady stream of vulnerabilities for years to come.
By building security into the development lifecycle through good design, policy enforcement, tooling, testing and good governance, an organisation can avoid entire classes of vulnerabilities.
Our Approach
One of the biggest questions in security is "How much security is enough?"
MDSec's consultants have worked with hundreds of organisations, and have approached the question from a variety of standpoints using ISO17799 and PCI standards, and defining a Due Diligence process for Mergers and Acquisitions.
MDSec's preferred model is the Building Security In Maturity Model.
Our audit tracks 110 SSDL touchpoints and compares the target organisation with the 30 largest software companies or with the parent company, helping to highlight where investment is needed.

