Version: 1.4
Approved By: Richard D’Lonesteen
Created at: 12/10/2023
1. Overview
At ChattyAI, our software development lifecycle is designed to ensure that all products meet rigorous security and reliability standards. This document sets out the policies for development and code review, focusing on security principles and quality assurance so that potential vulnerabilities are identified and mitigated early in the development process, when they are cheapest to fix.
2. Policy Objectives
These policies aim to:
- Ensure the identification and mitigation of security risks during the feature design and development stages.
- Maintain high standards of code quality and security through thorough testing and review.
- Promote a culture of security awareness and responsibility among development and QA teams.
3. Development Process
3.1 Feature Design Stage
- The design phase will include threat modeling to identify the threats, attack surface and potential vulnerabilities a new feature could introduce, and to plan mitigations before implementation begins.
- Design documents, including the threat model and its planned mitigations, must be reviewed and approved by the designated security specialist and the project lead before implementation proceeds.
3.2 Development and Implementation Stage
- Development shall adhere to secure coding guidelines published by recognized bodies (e.g., OWASP, SANS).
- Developers must complete a security checklist confirming that all new code follows secure coding practices before submitting it for review.
4. Code Review Process
4.1 Review Requirements
- All code must be reviewed by at least two qualified reviewers other than the original author before it is merged.