
Difference between revisions of "OWASP/Training/OWASP Software Assurance Maturity Model"

From OWASP
Line 2: Line 2:
 
| Module_designation = [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model]]
 
| Module_designation = [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model]]
 
| Module_Overview_Goal =
 
| Module_Overview_Goal =
 +
SAMM is an open framework that helps formulate and implement a strategy for software security. The main drivers for a SAMM is, an organization’s behavior changes slowly over time. It is based on princliple that somebody has to learn to walk first before they can run.
 +
 +
* That is the reason changes has to be iterative while working toward long-term goals
 +
* There is no single recipe that works for all organizations
 +
* A solution must provide enough details for non-security-people
 +
* Overall, must be simple, well-defined, and measurable
 +
 
| Content =  
 
| Content =  
 
 
 
 
* Content_X<br>
+
SAMM can help an organization in evaluating existing software security practices and build a balanced software security assurance program in well-defined iterations. It can demonstrate concrete improvements to a security assurance program. It can also help in defining and measuring security-related activities.
* Content_Y<br>
+
 
* Content_Z<br>
+
At the highest level, SAMM defines four critical Business Functions:
 +
* Governance
 +
* Construction
 +
* Verification and
 +
* Deployment
 +
 
 +
Each Business Function is the nuts-and-bolts of software development. For each Business Function, SAMM defines three Security Practices. So overall, there are twelve Security Practices that will help an organization build secure applications.
 +
 
 
&nbsp;
 
&nbsp;
 
| Material = [http:// TBD]
 
| Material = [http:// TBD]
 
}}
 
}}
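Review bot: the added Overview text (the `+` lines after `| Module_Overview_Goal =`) carries spelling and grammar slips that will render verbatim: "princliple" should be "principle", "The main drivers for a SAMM is," should read "The main driver for SAMM is that", and "changes has to be iterative" should be "changes have to be iterative". In the Content parameter the template placeholders `* Content_X<br>`, `* Content_Y<br>` and `* Content_Z<br>` are left in place beside the new paragraphs and will show up as bullets in the rendered module; drop them or replace them with the intended headings. `| Material = [http:// TBD]` is an external-link bracket with no URL after `http://`; leave the parameter empty until a real link exists rather than shipping a placeholder link.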

Revision as of 01:34, 15 April 2010

MODULE
OWASP Software Assurance Maturity Model
Overview & Goal
SAMM is an open framework that helps formulate and implement a strategy for software security. The main driver for SAMM is that an organization's behavior changes slowly over time. It is based on the principle that somebody has to learn to walk before they can run.
  • That is the reason changes have to be iterative while working toward long-term goals
  • There is no single recipe that works for all organizations
  • A solution must provide enough detail for non-security people
  • Overall, it must be simple, well-defined, and measurable
Contents

SAMM can help an organization evaluate its existing software security practices and build a balanced software security assurance program in well-defined iterations. It can demonstrate concrete improvements to a security assurance program. It can also help in defining and measuring security-related activities.

At the highest level, SAMM defines four critical Business Functions:

  • Governance
  • Construction
  • Verification
  • Deployment

Each Business Function covers the nuts and bolts of software development. For each Business Function, SAMM defines three Security Practices, so overall there are twelve Security Practices that help an organization build secure applications.

Materials

[http:// TBD]