In this presentation, we will introduce the concept and purpose of Security Development Lifecycle (SDL), and share Synology's experience in introducing SDL and practicing DevSecOps. Demonstrating how product security assurance and penetration testing is conducted and the results, as well as the use of static and dynamic automated application security testing to further enhance software quality and security.

We will share the challenges encountered in introducing SDL and practicing DevSecOps, and how to solve them step by step. We hope the audience will have a better understanding of the importance and necessity of SDL and DevSecOps through practical experience. These actions not only contribute to the improvement of software quality and security, but also provide a more secure product for users.