Secure Development Lifecycle

Security-Integrated Development Process

Security is embedded throughout Avoca’s software development lifecycle. Code Review & Approval

Mandatory review and approval process before production deployment
Senior and lead engineers conduct security-focused code reviews
Automated vulnerability scanning provides additional review layers
No direct production deployments permitted

Developer Enablement

Security Training

Comprehensive secure coding practices training (target: November 30, 2025)
KnowBe4 platform deployment for ongoing security awareness
Initial training completed through Delve security training program

Vulnerability Scanning

Currently manual audit and review process for application code vulnerabilities
Expert guidance from vCISO informing process improvements
Enhanced automated scanning capabilities under evaluation as part of penetration testing vendor selection

Change & Release Management

Public changelog maintained at docs.avoca.ai for customer visibility
Staging environment testing required before production release
Customer success and engineering teams provide proactive communication for significant changes
Iterative release approach appropriate for startup innovation velocity

Data Protection and PrivacyEncryption, data handling obligations, and privacy controls available to Avoca customers.

⌘I

Secure Development Lifecycle
Security-Integrated Development Process
Developer Enablement
Change & Release Management