This document provides an overview of the open Software Assurance Maturity Model (openSAMM). It explains that openSAMM is an open framework that helps organizations formulate and implement a software security strategy tailored to the specific risks they face. It describes openSAMM's four business functions and the three security practices under each function. For each maturity level of a practice, openSAMM defines an objective, activities, results, success metrics, costs, personnel needs, and related levels. The document outlines a four-step process for using openSAMM: perform a gap assessment, create a roadmap, execute the roadmap with periodic reviews, and move to the next maturity level once the current one is achieved.
12.
Maturity Models
Classification system for a set of processes / functions
Shows the characteristics of processes over different levels
Examples
CMMI (DEV, SVC, ACQ)
SSE-CMM
BSIMM, openSAMM, etc.
14.
openSAMM
Open Software Assurance Maturity Model
OWASP project
Open framework to help organizations
Formulate
Implement
a strategy for software security
tailored to the specific risks facing the organization
15.
openSAMM
Recognizes 4 types of business functions: Governance, Construction, Verification, Deployment
Any organization performing software development would have these (the names could be different)
16.
openSAMM - Security Practices
3 security practices for each business function (12 in total):
Governance: Strategy & Metrics, Policy & Compliance, Education & Guidance
Construction: Threat Assessment, Security Requirements, Secure Architecture
Verification: Design Review, Code Review, Security Testing
Deployment: Vulnerability Management, Environment Hardening, Operational Enablement
3 maturity levels, each with its own objective, under each practice:
0 (implicit starting point: the practice's activities are unfulfilled; not counted as a level)
1 (initial understanding and ad hoc provision of the practice)
2 (increased efficiency and/or effectiveness of the practice)
3 (comprehensive mastery of the practice at scale)
23.
Step 4 - Execute with periodic reviews
Perform the practices / activities for level 1
Keep reassessing until you are satisfied and the scorecard shows the level's objective is met
Inform management with the updated roadmap in a periodic manner
Move to the next level only after you are done with the previous one
This is what management usually expects when people implement security: an organization changes over time, so the business prefers indicators that show progress across the various areas of implementation, to gauge where we are going.
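As an added example, not taken from the slides or from OWASP's own openSAMM materials, here is a small scorecard and gap calculator in Python covering steps 1 to 4: it scores each of the twelve practices from yes/no assessment answers, reports the level reached, and lists the practices still below their roadmap target so the periodic review has something concrete to show management. The scoring rule (a level counts only when every answer at that level and at every lower level is "yes", with partial progress in the next level shown as a fraction), the two-answers-per-level sample assessment and the phase-1 targets are assumptions made for illustration; the real SAMM 1.0 assessment worksheets and their scoring differ in detail.

```python
from __future__ import annotations

# Added example (not from the slides and not OWASP's own tooling): a minimal
# openSAMM-style scorecard and gap calculator for steps 1-4 of the roadmap.
#
# Assumed, simplified scoring rule (the real SAMM 1.0 worksheets have 2-3
# yes/no questions per level; the rule below is our own reduction):
#   - a practice reaches level N only if every answer at level N and at every
#     lower level is "yes";
#   - partial progress in the next level is reported as a fraction, so the
#     periodic review can show movement before the level flips.

# The twelve openSAMM v1.0 security practices, grouped by business function.
PRACTICES: dict[str, list[str]] = {
    "Governance":   ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Verification": ["Design Review", "Code Review", "Security Testing"],
    "Deployment":   ["Vulnerability Management", "Environment Hardening", "Operational Enablement"],
}


def maturity(answers: list[list[bool]]) -> tuple[int, float]:
    """Return (level_achieved, score) for one practice.

    answers[i] holds the yes/no answers for level i + 1 (three levels).
    score = level_achieved + fraction of "yes" answers in the next level.
    """
    if len(answers) != 3:
        raise ValueError("openSAMM defines exactly three levels per practice")
    level = 0
    for level_answers in answers:
        if level_answers and all(level_answers):
            level += 1
        else:
            break
    if level == 3:
        return 3, 3.0
    nxt = answers[level]
    fraction = sum(nxt) / len(nxt) if nxt else 0.0
    return level, round(level + fraction, 2)


def scorecard(assessment: dict[str, list[list[bool]]]) -> dict[str, tuple[int, float]]:
    """Step 1 (gap assessment): score every practice; unassessed practices stay at level 0."""
    card = {}
    for practices in PRACTICES.values():
        for practice in practices:
            card[practice] = maturity(assessment.get(practice, [[False], [False], [False]]))
    return card


def gaps(card: dict[str, tuple[int, float]], targets: dict[str, int]) -> list[tuple[str, int, int]]:
    """Steps 2-4 (roadmap and periodic review): practices still below their
    target level, in openSAMM function order, as (practice, current, target)."""
    out = []
    for practices in PRACTICES.values():
        for practice in practices:
            target = targets.get(practice, 0)
            current = card[practice][0]
            if current < target:
                out.append((practice, current, target))
    return out


# Constructed sample assessment for a small team (not real data): two yes/no
# answers per level for the practices that were assessed.
SAMPLE_ASSESSMENT = {
    "Strategy & Metrics":    [[True, True], [True, False], [False, False]],
    "Code Review":           [[True, True], [True, True], [False, True]],
    "Security Testing":      [[True, False], [False, False], [False, False]],
    "Environment Hardening": [[True, True], [True, True], [True, True]],
}

# Constructed roadmap: target levels for the first phase (assumed values).
PHASE_1_TARGETS = {
    "Strategy & Metrics": 2,
    "Code Review": 2,
    "Security Testing": 1,
    "Environment Hardening": 2,
    "Threat Assessment": 1,
}

if __name__ == "__main__":
    card = scorecard(SAMPLE_ASSESSMENT)
    for practice, (level, score) in card.items():
        print(f"{practice:25s} level {level}  score {score:.2f}")
    print("remaining gaps:", gaps(card, PHASE_1_TARGETS))
```

Run as a script it prints one line per practice plus the gap list; the fractional score is what the periodic review can report as progress within a level, while the integer level is what decides whether the team may move on to the next level.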