SAS builds quality software that is secure and privacy-preserving. Our products are built to be resistant to misuse and known cybersecurity threats. SAS guides its architects and developers based on our software security framework (see Figure 1). At the highest level of the framework, we have defined a software security policy structure that supports product security governance. This model applies to each phase of a product’s software development life cycle (SDLC).