ABSTRACT

The design and development (A3) phase (see Figure 5.1) is when the end user of your software is foremost in your mind. During this phase you will do an analysis of policy compliance, create the test plan documentation, update your threat model if necessary, conduct a design security analysis and review, and do a privacy implementation assessment. These activities let you make informed decisions about how to deploy your software securely and establish development best practices to detect and remove security and privacy issues early in the development cycle. You will perform static analysis during both the design and development (A3) and the ship (A4) phases of your SDL. We will provide a detailed description of static analysis in the next chapter. You will build the plan for how you will take your project through the rest of the SDL process, from implementation, to verification, to release. During the design and development (A3) phase you establish best practices for this phase using functional and design specifications.