| ๐ผ 48 An APRA-regulated entity would typically implement secure software development and acquisition techniques to assist in maintaining confidentiality, integrity and availability by improving the general quality and vulnerability profile of the software (refer to Attachment D for further guidance). | | | | |
| ๐ผ 49 The outcome of secure software development and acquisition is to ensure that software: | 3 | | | |
| ๐ผ 49a continues to function as intended regardless of unforeseen circumstances, including where erroneous input is supplied; | | | | |
| ๐ผ 49b has a reduced propensity to be misused either intentionally (e.g. for the purposes of theft) or inadvertently; | | | | |
| ๐ผ 49c complies with the information security policy framework. | | | | |