Details
- Task
- Resolution: Unresolved
Description
A Product Security Architect will perform the Security Architecture Review (SAR).
The Offering team is responsible for ensuring that the Security Architect has the resources necessary to complete the Security Architecture Review.
The SAR should be completed during the development phase for new Offerings. For Offerings that do not have a SAR, one should be completed as soon as possible. For all Offerings, a SAR should be completed during development of any update that includes significant changes.
Definition of Done
- A SAR has been completed.
- The results of the review have been shared with the development and quality assurance teams.
- The results of the review have been linked as evidence to https://product-security.pages.redhat.com/offering-registry/offerings/openshift-servicemesh/evidence/secure_architecture_review/