Building A Balanced Software Security Assurance Program

1194 Words Jul 21st, 2015 5 Pages
Governance, construction, verification, and deployment are the four recognized business functions of OpenSAMM. Accessing existing software assurance practices, building a balanced software security assurance program in well-defined iterations, demonstrating concrete improvements to a security assurance program, and defining and measuring security related activities throughout an organization are the security practices for OpenSAAM. Each business practice has three security practices which make them into twelve. Governance business function have strategy and metrics, education and guidance, policy and compliance. Construction business function have security requirements, threat assessment, and secure architecture. Verification business function have design review, security testing, and code review. Deployment business function have environment hardening, vulnerability management, and operational enablement ("Category:software assurance maturity," n.d. ). 2. Identify and describe the four maturity levels for security practices in SAMM. Each of the twelve Security Practices has three defined Maturity Levels and an implicit starting point at zero. The details for each level differs between the Practices, but they generally represent:
Maturity level 0: Implicit starting point representing the activities in the practice being unfulfilled.
Maturity level 1: Initial understanding and ad hoc provision of security practice
Maturity level 2: Increase efficiency…

More about Building A Balanced Software Security Assurance Program

Open Document