Secure Software Development Policy

1. Purpose

To ensure security is built into the software we develop for ourselves and our clients.

All software development performed by Backpack Works.

Requirements & design: consider security and privacy needs up front.
Coding: follow secure coding practices and avoid known anti-patterns (e.g. injection, insecure direct object references).
Dependencies: use automated dependency scanning and keep libraries up to date.
Code review: every change is peer-reviewed before merge.
Secrets: never commit secrets; use environment variables and secret stores.
Testing: automated checks run in CI before deployment.
Separation: development, staging, and production are isolated.

This policy is reviewed at least annually.