The OWASP SAMM Model and Structure

At the highest level, SAMM defines five business functions (Governance, Design, Implementation, Verification, and Operations). Each business function is a category of activities that any organization involved in software development must fulfill to some degree.

Each business function contains three security practices, giving fifteen practices in total. A security practice is an area of security-related activities that builds assurance for its business function.

Each security practice consists of activities, grouped into logical flows and divided into two streams. The streams cover different aspects of the practice, each with its own objective, and they align and link the practice's activities across the maturity levels.

For each security practice, SAMM defines three maturity levels. Each level has a progressively more sophisticated objective, specific activities to reach it, and stricter success metrics.

The structure and setup of the SAMM model support:

  1. the assessment of the organization’s current software security posture
  2. the definition of the organization’s target
  3. the definition of an implementation roadmap to get there
  4. prescriptive advice on how to implement particular activities

Very nice article about OWASP SAMM, very straight to the point! We are currently developing a management tool for this model and would love to receive your feedback! You can read all about it here: https://codific.com/application-security-management/

More articles by Ravi Kant Sharma