Beyond these traits, SAMM was built on the following


or an individual project. Beyond these traits, SAMM was built on the following principles:

✦ An organization's behavior changes slowly over time - A successful software security program should be specified in small iterations that deliver tangible assurance gains while incrementally working toward long-term goals.
✦ There is no single recipe that works for all organizations - A software security framework must be flexible and allow organizations to tailor their choices based on their risk tolerance and the way in which they build and use software.
✦ Guidance related to security activities must be prescriptive - All the steps in building and assessing an assurance program should be simple, well-defined, and measurable.

This model also provides roadmap templates for common types of organizations. The foundation of the model is built upon the core business functions of software development with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs. As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use.

[Diagram: SAMM Overview - the Software Development Business Functions (Governance, Construction, Verification, Deployment) and the Security Practices tied to them: Strategy & Metrics, Education & Guidance, Policy & Compliance, Security Requirements, Threat Assessment, Secure Architecture, Design Review, Security Testing, Code Review, Environment Hardening, Vulnerability Management, Operational Enablement]

SAMM / Software Assurance Maturity Model - v1.0 (page 3)

Contents
Executive Summary ............ 3
Understanding the Model ............ 6
    Business Functions ............ 8
        Governance ............ 10
        Construction ............ 12
        Verification ............ 14
        Deployment ............ 16
Applying the Model ............ 18
    Using the Maturity Levels ............ 20
    Conducting Assessments ....

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
