Development

Goal: Implement secure, privacy-aware code and configurations.

  1. Adopt secure coding standards (OWASP, CERT) and include them in the definition of done. 
  2. Use automated static analysis (SAST), dependency scanning and secret detection in CI/CD pipelines.
  3. Enforce strong access controls for development environments and use separate secrets management.
  4. Perform regular code reviews focused on security and privacy, looking specifically for hard-coded secrets and data exposures.
  5. Implement privacy-enhancing techniques (pseudonymization, tokenization) where feasible. 
  6. Maintain secure build and deployment scripts; avoid embedding credentials in code.
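
Items 5 and 6 combined, as an added example that is not part of the original page: keyed pseudonymization of an identifier field with the key read from the environment instead of the source, shown beside an unkeyed hash that anyone can recompute from a guessed value. The variable name `PSEUDONYM_KEY`, the `email` field and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical variable name; in a pipeline the secrets manager injects it.
KEY_ENV_VAR = "PSEUDONYM_KEY"


def load_key(env=os.environ):
    """Fetch the pseudonymization key from the environment, never from source."""
    raw = env.get(KEY_ENV_VAR)
    if not raw:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set; refusing to run without a key")
    key = bytes.fromhex(raw)
    if len(key) < 32:
        raise RuntimeError("pseudonymization key must be at least 32 bytes")
    return key


def normalize(identifier):
    # Normalize so the same person always maps to the same pseudonym.
    return identifier.strip().lower().encode("utf-8")


def unkeyed_hash(identifier):
    """Weak: anyone can recompute this for a guessed identifier."""
    return hashlib.sha256(normalize(identifier)).hexdigest()


def pseudonymize(identifier, key):
    """Keyed: recomputing the pseudonym requires the secret key."""
    return hmac.new(key, normalize(identifier), hashlib.sha256).hexdigest()


def pseudonymize_record(record, key, fields=("email",)):
    """Return a copy of the record with the listed fields replaced."""
    out = dict(record)
    for name in fields:
        if out.get(name) is not None:
            out[name] = pseudonymize(str(out[name]), key)
    return out


if __name__ == "__main__":
    # Constructed sample data; the key comes from os.urandom only for this demo.
    demo_env = {KEY_ENV_VAR: os.urandom(32).hex()}
    row = {"email": "Alice@Example.com ", "plan": "pro"}
    print(pseudonymize_record(row, load_key(demo_env)))
    # A guessed address reproduces the unkeyed hash, so it does not hide identity.
    print(unkeyed_hash("alice@example.com") == unkeyed_hash(row["email"]))
```

Because the mapping is deterministic under one key, pseudonymized datasets can still be joined on the field; rotating the key breaks that linkage.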