This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Software Security 5D Framework"
(Created page with "The OWASP Software Security 5D framework represents a practical framework that focus on 5 dimensions to evaluate the maturity of a SDLC. The key areas are the following: - Sw...") |
(2) |
||
| Line 2: | Line 2: | ||
The key areas are the following: | The key areas are the following: | ||
| − | - SwSec PROCESSES | + | - SwSec PROCESSES <br> |
| − | - SwSec TESTING | + | - SwSec TESTING<br> |
| − | - SwSec TEAM | + | - SwSec TEAM<br> |
| − | - SwSec AWARENESS | + | - SwSec AWARENESS<br> |
| − | - SwSec STANDARDS | + | - SwSec STANDARDS<br> |
| − | Traditional Secure SDLC frameworks lack of: | + | Traditional Secure SDLC frameworks lack of: <br> |
| − | - level of awareness for all the people involved in the process | + | - level of awareness for all the people involved in the process <br> |
| − | - description of the application security roles involved | + | - description of the application security roles involved <br> |
| − | - set of security standards | + | - set of security standards <br> |
| − | - security testing tools adopted | + | - security testing tools adopted<br> |
| − | + | <br> | |
| − | This new model aims are: | + | This new model aims are:<br> |
| − | - build a more practical Secure SDLC for the Companies | + | - build a more practical Secure SDLC for the Companies<br> |
| − | - have a fast assessment to undertand the actual maturity of a Company | + | - have a fast assessment to undertand the actual maturity of a Company<br> |
| − | - create a reliable way to build a concrete Software Security Program | + | - create a reliable way to build a concrete Software Security Program<br> |
Revision as of 17:19, 23 October 2018
The OWASP Software Security 5D framework represents a practical framework that focus on 5 dimensions to evaluate the maturity of a SDLC.
The key areas are the following:
- SwSec PROCESSES
- SwSec TESTING
- SwSec TEAM
- SwSec AWARENESS
- SwSec STANDARDS
Traditional Secure SDLC frameworks lack of:
- level of awareness for all the people involved in the process
- description of the application security roles involved
- set of security standards
- security testing tools adopted
This new model aims are:
- build a more practical Secure SDLC for the Companies
- have a fast assessment to undertand the actual maturity of a Company
- create a reliable way to build a concrete Software Security Program
