IBM Secure Engineering Portal

IBM Secure Engineering Practices

IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated, or can result in misuse of your systems to attack others.

No IT system or product can be made completely secure and no single product or security measure can be completely effective in preventing improper access.

IBM is both a provider and a consumer of Commercial-off-the-Shelf (COTS) Information Technology hardware, software and services in the global marketplace.

As a consumer of Information Technology, IBM is aware of the need for security related development practices for products, solutions and services used in its Enterprise Computing environments. As a developer of Information Technology for the global marketplace, IBM works to understand and address common requirements for functionality, performance, scalability and security of IBM offerings.

Based on our experience, the key to delivering products and services that are designed to meet client's high expectations is to focus product development execution in four critical areas: a Common Development Process; a Secure Engineering Framework; a Continuous Security Improvement model; and a Supply Chain Security process. This combination of process, framework, and model integrate with a broader set of externally facing processes referred to as global supply chain management.

IBM Secure Engineering Framework

The IBM Secure Engineering Framework reflects best practice from across the company and directs our development teams to give proper attention to security during the development lifecycle. These practices are intended to help enhance product security, protect IBM intellectual property and support the terms of warranty of IBM products.

Secure Engineering is an important element of the overall IBM security strategy. It is reflected in our internal initiative that works to address the dynamic nature of security in our development process. It is also reflected in our drive to meet the demand for high quality, high assurance business solutions, services and Information Technologies for our customers and our own operation.

White papers and Analyst Reports

Network World: IBM Demonstrates Secure Product Development Leadership

The IBM Secure Engineering Framework: A Valuable Cyber Supply Chain Security Model for Enterprise Organizations