Software Assurance Maturity Model: A guide to building security into software development. Version 1.0
LICENSE

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.

ACKNOWLEDGEMENTS

The Software Assurance Maturity Model (SAMM) was originally developed, designed, and written by Pravir Chandra ([email protected]), an independent software security consultant. Creation of the first draft was made possible through funding from Fortify Software, Inc. This document is currently maintained and updated through the OpenSAMM Project led by Pravir Chandra. Since the initial release of SAMM, this project has become part of the Open Web Application Security Project (OWASP). Thanks also go to the many supporting organizations that are listed on the back cover.

CONTRIBUTORS & REVIEWERS

This work would not be possible without the support of many individual reviewers and experts who offered contributions and critical feedback. They are (in alphabetical order): Fabio Arciniegas, Matt Bartoldus, Sebastien Deleersnyder, Jonathan Carter, Darren Challey, Brian Chess, Dinis Cruz, Justin Derry, Bart De Win, James McGovern, Matteo Meucci, Jeff Payne, Gunnar Peterson, Jeff Piper, Andy Steingruebl, John Steven, Chad Thunberg, Colin Watson, Jeff Williams.

FOR THE LATEST VERSION AND ADDITIONAL INFO, PLEASE SEE THE PROJECT WEB SITE AT http://www.opensamm.org

OWASP: The Open Web Application Security Project

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501(c)3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Visit OWASP online at http://www.owasp.org. This is an OWASP Project.
SAMM / Software Assurance Maturity Model - V1.0

Executive Summary

[Figure: SAMM Overview. Diagram labels: Software Development; Business Functions: Governance, Construction, Deployment; Security Practices: Strategy & Metrics, Policy & Compliance, Education & Guidance, Threat Assessment, Security Requirements, Secure Architecture, Design Review, Code Review, Security Testing, Vulnerability Management, Environment Hardening, Operational Enablement]

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

- Evaluating an organization's existing software security practices
- Building a balanced software security assurance program in well-defined iterations