Difference between revisions of "OWASP DHS SWA Day 2010 OpenSAMM"

Revision as of 03:49, 28 September 2010 (view source) Dallendoug (talk | contribs) ← Older edit		Revision as of 19:04, 5 October 2010 (view source) Walter Houser (talk | contribs) Newer edit →
Line 10:		Line 10:
	A speaker bio for Shakeel Tufail will be posted shortly.		A speaker bio for Shakeel Tufail will be posted shortly.
		+	== Notes ==
		+	SAMM is used as a measuring stick against an organization’s security practices and functions.  OpenSAMM is a maturity model should be used as a scorecard for improving software assurance and provides prescriptive guidance for technical and non-technical users.
		+
		+	SAMM divides the SDLC into the governance, construction, verification, and deployment business functions consisting of 12 security practices.  Each practice is a silo for improvement that can be performed independently or as part of a plan.  The maturity of each practice is scored from 0 to 3.
		+
		+	The approach of SAMM is iterative and the goal is to have a phased approach to assess which areas need the most work and prioritize.  The initial results are used to create a baseline roadmap from which the phased approach would be developed.  The resulting scorecard provides a basis to perform a gap analysis.
		+
		+	A new OpenSAMM version will include new functionality of analyzing feedback, case studies, and mapping of OpenSAMM to other regulations such as PCI, COBIT, CMMI, and FISMA.
	[[Category:OWASP_Conference_Presentations]]		[[Category:OWASP_Conference_Presentations]]

---

Revision as of 19:04, 5 October 2010

The presentation

A presentation on the OpenSAMM Maturity Model, and how it can be used to start or shape a software assurance program.

This presentation is given as part of OWASP Software Assurance Day at the | 13th Annual Software Assurance Forum.

Download the presentation -- Note, some of the images have been removed to reduce file size for download.

The speaker

A speaker bio for Shakeel Tufail will be posted shortly.

Notes

SAMM is used as a measuring stick against an organization’s security practices and functions. OpenSAMM is a maturity model should be used as a scorecard for improving software assurance and provides prescriptive guidance for technical and non-technical users.

SAMM divides the SDLC into the governance, construction, verification, and deployment business functions consisting of 12 security practices. Each practice is a silo for improvement that can be performed independently or as part of a plan. The maturity of each practice is scored from 0 to 3.

The approach of SAMM is iterative and the goal is to have a phased approach to assess which areas need the most work and prioritize. The initial results are used to create a baseline roadmap from which the phased approach would be developed. The resulting scorecard provides a basis to perform a gap analysis.

A new OpenSAMM version will include new functionality of analyzing feedback, case studies, and mapping of OpenSAMM to other regulations such as PCI, COBIT, CMMI, and FISMA.