DrayTek Security Development Lifecycle (SDL)

Last Updated: 2023-03-30

SDL process:

Define security requirements

  • Vulnerability Modeling

    DrayTek threat modeling helps developers to identify and prioritize security risks and potential weaknesses. Once DrayTek defects are identified, our team will plan strategies to minimize risks and improve a more secure system, which is the foundation throughout the product development lifecycle.

  • Data Privacy Assessment

    DrayTek follows local regulations and governmental laws to comply with requirements in every market. We consider data important and preserve data privacy properly.

Develop secure coding standards

  • Establish security features

    In the planning stage, DrayTek team dedicates to updating security requirements to accommodate changes in functionality with threat-resistance code.

  • Code review

    DrayTek follows a peer review policy to code development each time code is committed. This mechanism ensures oversight to all code development, helps reduce errors, and enhances engineer coding skills, and familiarity with the DrayOS code base. This process reduces security weaknesses and helps with the early identification of bugs.

  • Security Training

    To enhance professionalism, Draytek developers regularly attend CYBERSEC and external training programs. Documented secure programming principles are followed and we share security programs internally, which educates engineers to ensure robust security knowledge.

Validate and identify threats

  • Manage security risk by using third-party tool

    DrayTek products use third-party components to detect risks and threats. The vulnerability report shows the risk level and the number of alerts. According to the detailed description, developers make prompt response to fix and make correction before release.

Build a standard response process

To address new threats efficiently, it’s vital to prepare a quick response plan. DrayTek has a vulnerability disclosure policy, in which we describe the process and the duties of the involved team. The aim of the policy is to establish a rule and provide a new patch as soon as possible to minimize the damage.

Operate and maintain firmware update

For all DrayTek users, we continue supporting firmware updates to ensure up-to-date security features and provide a complete product service. At DrayTek, we understand the importance of information security, which is why we provide a firmware support period to our users beyond the end of the sale date, allowing them to stay up-to-date with the latest firmware updates. This ensures access to regular firmware updates and keeps systems secure.