Lexmark C4342 Security White Paper - Page 7



Lexmark Secure Software Development Lifecycle (SSDL)
Lexmark is a global technology company that creates enterprise software, hardware, and services. It helps
organizations draw deeper value from their business information and serves customers in 170 countries. This
section describes Lexmark’s process for developing products, both software and hardware, that are more
secure and better able to meet the security requirements of our customers. It provides a description of a
generally applicable security assurance process for the improvement of software security that has been
modeled after current industry best practices.
Overview
All Lexmark hardware, software, and firmware are designed using the security principles outlined in our Secure
Software Development Lifecycle (SSDL). The process addresses all aspects of security from planning through
design and implementation, including quality assurance, release, and maintenance. The SSDL offers unmatched
protection checkpoints to meet your organization’s most stringent security standards.
While most of the security practices are generally applicable to all Lexmark software and hardware, Lexmark
evaluates each software or hardware product with the most applicable and appropriate security practices for
that product or product class based on factors including but not limited to target market, product maturity, and
target user environment.
Conclusion
Lexmark’s Secure Software Development Lifecycle process is a series of product activities designed to address
various aspects of security as related to the Lexmark software development process. This process provides a
framework for designing enterprise software and hardware products that are more secure and resilient in the
changing security landscape and is essential to meet the security requirements of our customers.
For more information, see the Secure Software Development Lifecycle (SSDL) White Paper.
Vulnerability Management
At Lexmark, reducing exposure to vulnerabilities is our priority so users can focus on what is important—
supporting customers, protecting critical assets, and moving their business forward. As defined by our SSDL,
Lexmark’s security staff and experts monitor multiple channels for the identification of new security
vulnerabilities including internal review, customer service, security-focused press, security-related academic
research, and technical alerts from organizations like NIST-National Vulnerability Database and US-Computer
Emergency Readiness Team (US-CERT). When the need arises, our experts react quickly to eliminate exposure
to the threat and responsibly disclose the remediation.
The new vulnerabilities that can affect Lexmark’s products are addressed through the following process:
1. The vulnerability is analyzed to determine if it affects the product. (Vulnerabilities found in shared system
or third-party code libraries do not apply, depending on the way the code is used in the system.)
2. Lexmark’s security staff determines if the exploit mechanism for the vulnerability is possible in Lexmark’s
implementation.