Security review of a product involves the following activities:

Analysis:
  Threat Modeling
    - Perform a detailed design analysis
    - List assets, an activity matrix and an actions chart
    - Identify threats
    - Mitigate threats
  Static Analysis
    - Perform code scanning
    - Perform binary scanning
    - Publish code analysis reports for review by component owners
    - Publish binary analysis reports for review by component owners
    - Mitigate risks found by code analysis
    - Mitigate risks found by binary analysis

Network Vulnerability Scanning:
  - Run the available scanning tools against a deployed instance of the product
  - Publish the findings from the tool
  - Mitigate risks from the findings

Web Security Testing:
  - Request the PSO office to perform the testing
  - Publish the findings from the testing
  - Mitigate risks from the findings

Malware Scanning:
  - Request malware detection
  - Publish the findings from malware detection
  - Mitigate any findings

Third Party Components:
  - Harden third party components
  - Use the latest secure versions
  - Source third party components

Documentation:
  - Provide a security configuration guide
  - Document known false positives
  - Provide a vulnerability response plan
  - Provide a patching capability plan

Governance:
  - Participate in security training
  - Identify Security Champions
  - Enforce coding conventions
  - Hold a periodic security review with the Business Unit