Security has come a long way in the last 20 years. In IT, we didn’t really have to think about insecure software libraries, vendor vulnerabilities, or zero-days.
But we do now.
- For application security, you must ask: did the developer borrow code, and was it vetted?
- For network deployment security, you must explore whether the S3 buckets you are using to download to your customer sites, and the transmission itself, will be secure.
- You must confirm with QA that any past issues did not also appear in your new release and that all vulnerabilities were researched and tested.
- You must also inquire about user exploration of the application and/or hardware and any security issues that may arise.
This is not an exhaustive list of areas to check, but a foundation on which you can continue your discovery regarding security considerations for your project.