Difference between revisions of "OWASP/Training/OWASP Software Assurance Maturity Model"
Line 2 (unchanged in both revisions):
| Module_designation = [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model]]
| Module_Overview_Goal =

Added in the new revision:
+ SAMM is an open framework that helps formulate and implement a strategy for software security. The main drivers for a SAMM is, an organization’s behavior changes slowly over time. It is based on princliple that somebody has to learn to walk first before they can run.
+
+ * That is the reason changes has to be iterative while working toward long-term goals
+ * There is no single recipe that works for all organizations
+ * A solution must provide enough details for non-security-people
+ * Overall, must be simple, well-defined, and measurable
+

Unchanged:
| Content =

Removed from the old revision (three empty list items):
− *
− *
− *

Added in the new revision:
+ SAMM can help an organization in evaluating existing software security practices and build a balanced software security assurance program in well-defined iterations. It can demonstrate concrete improvements to a security assurance program. It can also help in defining and measuring security-related activities.
+
+ At the highest level, SAMM defines four critical Business Functions:
+ * Governance
+ * Construction
+ * Verification and
+ * Deployment
+
+ Each Business Function is the nuts-and-bolts of software development. For each Business Function, SAMM defines three Security Practices. So overall, there are twelve Security Practices that will help an organization build secure applications.
+

Unchanged:
| Material = [http:// TBD]
}}
Revision as of 01:34, 15 April 2010
MODULE
OWASP Software Assurance Maturity Model

Overview & Goal
SAMM is an open framework that helps formulate and implement a strategy for software security. Its main driver is that an organization’s behavior changes slowly over time. It is based on the principle that somebody has to learn to walk before they can run.

* That is the reason changes have to be iterative while working toward long-term goals
* There is no single recipe that works for all organizations
* A solution must provide enough detail for non-security people
* Overall, it must be simple, well-defined, and measurable
Contents
SAMM can help an organization in evaluating existing software security practices and build a balanced software security assurance program in well-defined iterations. It can demonstrate concrete improvements to a security assurance program. It can also help in defining and measuring security-related activities.

At the highest level, SAMM defines four critical Business Functions:
* Governance
* Construction
* Verification
* Deployment

Each Business Function is the nuts-and-bolts of software development. For each Business Function, SAMM defines three Security Practices. So overall, there are twelve Security Practices that will help an organization build secure applications.

Materials
[http:// TBD]