Be-Secure seven stage security assessment

This section describes the seven stages of Be-Secure CE security assessment to enhance the security posture of open source projects / open source tech stacks.

Security assessment

Once we receive a request from a community member or user of the Be-Secure project to assess an open source tech stack, we fork the respective open source project into the Be-Secure namespace. We then begin our seven-stage security assessment, listed below:

  • First stage: Identification of the blueprint for BeSman environment using the details on the open source tech stack that has been shared.
  • Second stage: If a suitable blueprint doesn’t exist, build a new BeSman environment. This will be the base environment to perform development activities for the shared open source tech stack.
  • Third stage: Build the security testing environment/sandbox that can be utilized for conducting security testing for the specific open source tech stack.
  • Fourth stage: Conduct a security assessment of the tech stack and identify its vulnerabilities. This vulnerability information will be published.
  • Fifth stage: Identify and develop security patches for the identified vulnerabilities.
  • Sixth stage: Upgrade the respective BeSman environments with the confirmed new security patches to strengthen their security posture. Publish the upgraded BeSman environments for active consumption.
  • Seventh stage: For an existing BeSman environment, the focus is on identifying the latest security vulnerabilities and mapping them to the respective environment. This is a continuous activity aimed at enhancing the security posture of BeSman environments by addressing the latest identified vulnerabilities.