Software Development Lifecycle Security

Security is an embedded component of the Software Development Lifecycle (SDLC) at ServiceNow. We use an Agile development process that includes validation steps run by an independent product security team. Developers and other relevant personnel are regularly trained on web application security through a variety of methods, including classroom-based training. These methods include, but are not limited to, training from organizations such as the Open Web Application Security Project (OWASP).

Dedicated security engineers who are part of the ServiceNow security department are embedded into our overall SDLC. These team members support secure development by:

  • Managing the various internal and external testing programs
  • Managing vulnerability response across the cloud environment
  • Managing the quarterly patching program and hotfixes as needed
  • Performing assessments of internal ServiceNow services and instances that support our business
  • Performing architectural reviews for new security features
  • Curating educational material on security