EMC has established a comprehensive approach to secure software development that goes across policy, people, processes, and technology.
Standardized product security
EMC’s internal product security standard—the EMC product security policy—is a common reference for EMC product organizations to benchmark product security against market expectations and industry best practices.
Security-aware engineering community
EMC offers role-based security engineering curriculum to train new and existing engineers on job-specific security best practices and how to use relevant resources. EMC strives to create a security-aware culture across its entire engineering community.
Repeatable secure development process
EMC’s security development lifecycle overlays security on standard development processes to achieve a high degree of compliance with the EMC product security policy. The EMC security development lifecycle follows a rigorous approach to secure product development that involves executive-level risk management before our products are shipped to market.
Best-in-class security technology
EMC has built a set of software, standards, specifications, and designs for common software security elements such as authentication, authorization, audit and accountability, cryptography, and key management using state-of-the-art RSA technology. An open interface allows integration with customers’ security architectures.