
Good Morning

openSAMM - Why & How?






Maturity Models
- Classification system for a set of processes / functions
- Shows characteristics of processes over different levels
- Examples: CMMI (DEV, SVC, ACQ), SSE-CMM, BSIMM, openSAMM, etc.
Owasp hyd 28_dec2013_opensamm




openSAMM
- Open Software Assurance Maturity Model
- OWASP project
- Open framework to help organizations formulate and implement a strategy for software security, tailored to the specific risks facing the organization




openSAMM
- Recognizes 4 types of business functions
- Any organization performing software development would have these (names could be different)



openSAMM - Security Practices
- 3 practices for each business function
- 3 objectives (one per level) under each practice
- Maturity levels:
  0 (implied starting point, not included)
  1 (initial understanding and ad hoc provision of the practice)
  2 (increased efficiency / effectiveness of the practice)
  3 (comprehensive mastery of the practice)
openSAMM - Example

openSAMM
For every level, SAMM defines:
- Objective
- Activities
- Results
- Success Metrics
- Costs
- Personnel
- Related Levels
Step 2 - Perform Gap Assessment

Step 3 - Create Roadmap / Assurance Program

Step 4 - Execute with periodic reviews
- Perform the practices / activities for level 1
- Keep assessing until you are satisfied and the scorecard confirms it
- Inform management with the updated roadmap on a periodic basis
- Move to the next level only after you are done with the previous one



Who Am I
www.sripati.info
http://in.linkedin.com/in/sripati



Credits
http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt


Editor's Notes

  1. Management view of a secure SDLC
  2. This is what management usually expects people to implement as security
  3. An organization changes over time; as a result, the business prefers indicators that show progress across the various areas of implementation, to gauge where we are going