SAMM v2 – OWASP releases revamped security assurance framework


Next-gen DevSecOps

A revamped version of OWASP’s Software Assurance Maturity Model (SAMM) adds automation along with maturity measurements to the open source security-related framework.

OWASP SAMM v2 – released on Tuesday after three years of refinement – is geared towards helping organizations that develop software to travel down the path towards becoming more secure.

The approach is based on a community-led open source framework that “allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational software development lifecycle”.

The SAMM v2 framework – which is designed to simplify the process of analyzing and improving organizational security posture – has evolved to include automation while improving its alignment with development team workflows.

The new release includes a quick start guide, the SAMM ToolBox for performing assessments and creating roadmaps, and a benchmarking scheme designed to help teams compare their maturity and progress with the results achieved at similar organizations.

“This is a really important release for the project team,” project co-leaders Seba Deleersnyder and Bart De Win said in an update to the security community.

“After three years of preparation, the team, our SAMM community, and through the help of our sponsors we now have an effective and measurable way for all types of organizations to analyze and improve their software security posture.”

Shift left

Using a single GitHub source, a SAMM team can automatically generate a maturity model featuring PDF documents and a website, along with the companion toolbox and applications.

The revised framework supports maturity measurements from both coverage and quality perspectives.

The OWASP SAMM community includes security-knowledgeable volunteers from both businesses and educational organizations. The global community works to create “freely-available articles, methodologies, documentation, tools, and technologies”.
