OWASP Principles


OWASP SAMM QUICK START GUIDE

Creative Commons (CC) Attribution. Free version at: https://www.owasp.org

Project leaders: Pravir Chandra, Sebastien Deleersnyder, Bart De Win & Kuai Hinojosa

SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate and implement a strategy for software security, which can be integrated into their existing Software Development Lifecycle (SDLC). SAMM is fit for most contexts: whether your organization is mainly developing, outsourcing or rather focusing on acquiring software, whether you are using a waterfall or an agile method, the same model can be applied. This quick start guide walks you through the core steps to execute your SAMM-based secure software practice.

BACKGROUND

Before diving into actionable steps for a quick start, let’s first briefly describe the model itself. SAMM is based around a set of 12 security practices, which are grouped into 4 business functions. Every security practice contains a set of activities, structured into 3 maturity levels (1 – 3). The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level. The diagram below illustrates this with example activities found under the “Education and Guidance” security practice (which is part of the Governance business function).

The structure and setup of the SAMM maturity model are made to support (i) the assessment of the current software assurance posture, (ii) the definition of the strategy (i.e. the target) that the organization should take, (iii) the formulation of an implementation roadmap of how to get there and (iv) prescriptive advice on how to implement particular activities. In that sense, the value of SAMM lies in providing a means to know where your organization is on its journey towards software assurance, and to understand what is recommended to move to the next level of maturity.
Note that SAMM does not insist that all organizations achieve maturity level 3 in every category. Indeed, you determine the target maturity level for each “Security Practice” that is the best fit for your organization and
