Develop applications according to industry-accepted secure coding practices and standards.
Assure a means of securely updating applications and assure that all dependent libraries and modules are secure; provide updates for these when required.
Have code independently assessed and tested by internal or external code review teams.