There are three major elements we should stress when it comes to the security of development environments: the development platforms, the code repositories, and the software configurations.
Security of Development Platforms
The first step in ensuring the security of development platforms is to secure the devices on which our software engineers practice their craft.
Even harder than ensuring change controls on your developers’ workstations is securely provisioning the development clients and servers that they will need for testing.
Security of Code Repositories
The most secure way of managing security for your code repositories is to implement them on an isolated network that includes the development, test, and QA environments.
A pretty good alternative would be to host the repository on the intranet, which would require developers to either be on the local network or connect to it using a VPN connection.
Finally, if you are operating on a limited budget or have limited security expertise in this area, you can choose one of the many web-based repository service providers and let them take care of the security for you.
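For the remaining content, follow my WeChat official account debugeeker; the link is "CISSP Exam Guide Notes: 8.6 Security of Development Environments".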