We're incorporating more security reporting/compliance features into DPBuddy and we're also working on a new product related to certificate management.
As part of this work, we're attempting to compile and aggregate best practices related to certificates and key management.
A lot of it is just common sense, however, as we all know, even simple steps require some effort from developers and security people.
We're hoping that our document can be used as a checklist for everyone involved with the application security. We're also planning to automate some if not all of these guidelines in the new version of DPBuddy and in our upcoming new product.
Please review our security best practices document and be sure to register for updates.