Quiz Entry - updated: 2026.06.20
What security activities occur during the Release and Response phases of SDL?
Release does a final security sign-off and stands up an incident-response plan with 24/7 contacts; Response then executes that plan and feeds the lessons back into the process.
Phase Five: Release - Final review before shipping
- Provide Software Security Incident Response Plan (SSIRP) — the documented playbook for what to do when a vulnerability is found in the shipped product
- Identify contacts for Incident Response Team
- 24x7x365 contact information for engineering, marketing, and management
- Ensure ability to service all code including "out of band" releases and 3rd party code
Phase Six: Response - Post-release security
- Creation of clearly defined support policy
- Execute incident response plan when vulnerabilities are discovered
- Learn from incidents to improve the process