The NIS2 Directive requires us to define policies, processes, and procedures in several areas, including third-party risk management and the implementation of a secure software development lifecycle (SSDLC). However, we are encountering more challenges when it comes to defining a secure software development lifecycle for the Natural and Adabas environment.
Within this framework, the control PR.PS-06 requires that:
“Secure software development practices are integrated, and their performance is monitored throughout the software development lifecycle.”
In line with current cybersecurity best practices, this implies the integration of:
SAST (Static Application Security Testing)
DAST (Dynamic Application Security Testing)
Vulnerability management tools
Secure development training for developers
Continuous cybersecurity monitoring across the SDLC
At the moment, we are having difficulties identifying how these practices can be applied in the context of Natural and Adabas, which form a core part of our software development ecosystem. Specifically, we are looking for:
Available SAST tools for Natural
Available DAST tools compatible with your environment
Vulnerability management tools specific to Natural/Adabas