LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What security activities occur during the Release and Response phases of SDL?

Release does a final security sign-off and stands up an incident-response plan with 24/7 contacts; Response then executes that plan and feeds the lessons back into the process.

Phase Five: Release - Final review before shipping

  • Provide Software Security Incident Response Plan (SSIRP) — the documented playbook for what to do when a vulnerability is found in the shipped product
  • Identify contacts for Incident Response Team
  • 24x7x365 contact information for engineering, marketing, and management
  • Ensure ability to service all code including "out of band" releases and 3rd party code

Phase Six: Response - Post-release security

  • Creation of clearly defined support policy
  • Execute incident response plan when vulnerabilities are discovered
  • Learn from incidents to improve the process

From Quiz: SPRG / SDL and Threat Modeling | Updated: Jun 20, 2026