DSOMM
• The DevSecOps Maturity Model (DSOMM) describes which security measures can be applied when using DevOps strategies and how these measures can be prioritized. The same DevOps strategies (automation, pipelines, infrastructure as code) can also be used to raise the level of security.
• For example, each component in a Docker image, such as an application library or an operating system library, can be tested automatically against known vulnerabilities on every build.
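The component check described above, as an added example that is not code from the DSOMM project: a small Python scanner that takes the inventory of a container image (the kind of list an SBOM generator produces) and matches each component against a vulnerability feed by affected version range. Both the inventory and the advisory feed are constructed inline so the script runs offline; the advisory IDs (EXAMPLE-000x) and the version ranges are made up for illustration, and the version comparator is a simplified one that ignores Debian epoch/tilde semantics and PEP 440 pre-release rules.

```python
"""Match the components of a container image against a known-vulnerability feed.

Added example (not from the DSOMM project). Inventory and feed are constructed
sample data; a real pipeline would take the inventory from an SBOM tool and the
feed from a vulnerability database.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    ecosystem: str  # "deb" for OS packages, "pypi" for application libraries
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    vuln_id: str
    ecosystem: str
    name: str
    introduced: str           # first affected version (inclusive)
    fixed: Optional[str]      # first fixed version (exclusive); None = no fix yet


def version_key(version: str) -> Tuple:
    """Split a version into comparable chunks: digits compare numerically,
    letters lexically, separators (. - + : ~) are dropped.
    Simplified comparator for the example, not a full dpkg/PEP 440 ordering."""
    key = []
    for chunk in re.findall(r"\d+|[A-Za-z]+", version):
        if chunk.isdigit():
            key.append((1, int(chunk), ""))
        else:
            key.append((0, 0, chunk))
    return tuple(key)


def is_affected(component: Component, advisory: Advisory) -> bool:
    """True when the component is the advisory's package and its version
    lies in [introduced, fixed)."""
    if (component.ecosystem, component.name) != (advisory.ecosystem, advisory.name):
        return False
    v = version_key(component.version)
    if v < version_key(advisory.introduced):
        return False
    if advisory.fixed is not None and v >= version_key(advisory.fixed):
        return False
    return True


def scan_image(inventory: List[Component], feed: List[Advisory]) -> Dict[str, List[str]]:
    """Return {"ecosystem:name@version": [advisory ids]} for every vulnerable component."""
    findings: Dict[str, List[str]] = {}
    for component in inventory:
        hits = [a.vuln_id for a in feed if is_affected(component, a)]
        if hits:
            findings[f"{component.ecosystem}:{component.name}@{component.version}"] = hits
    return findings


def build_should_fail(findings: Dict[str, List[str]], feed: List[Advisory]) -> bool:
    """Policy choice for the example: block the build only when a finding already
    has a fixed version available; unfixed findings are reported but not blocking."""
    fixed_by_id = {a.vuln_id: a.fixed for a in feed}
    return any(fixed_by_id[v] is not None for ids in findings.values() for v in ids)


# Constructed inventory: what an SBOM of a Debian-based Python image might list.
IMAGE_INVENTORY = [
    Component("deb", "libssl1.1", "1.1.1n-0+deb11u3"),
    Component("deb", "zlib1g", "1:1.2.11.dfsg-2+deb11u2"),
    Component("pypi", "requests", "2.25.1"),
    Component("pypi", "urllib3", "1.26.18"),
]

# Constructed feed: IDs and ranges are hypothetical, not real advisories.
ADVISORY_FEED = [
    Advisory("EXAMPLE-0001", "deb", "libssl1.1", introduced="1.1.1", fixed="1.1.1n-0+deb11u4"),
    Advisory("EXAMPLE-0002", "pypi", "requests", introduced="2.3.0", fixed="2.31.0"),
    Advisory("EXAMPLE-0003", "pypi", "urllib3", introduced="1.26.0", fixed="1.26.18"),
    Advisory("EXAMPLE-0004", "pypi", "requests", introduced="2.0.0", fixed=None),
]

if __name__ == "__main__":
    result = scan_image(IMAGE_INVENTORY, ADVISORY_FEED)
    for component, ids in result.items():
        print(f"{component}: {', '.join(ids)}")
    print("build fails" if build_should_fail(result, ADVISORY_FEED) else "build passes")
```

In this sample the urllib3 component is reported clean because its version equals the fixed version (the range is half-open), while requests carries one fixable and one unfixed advisory; the gate fails the build on the fixable ones only, which is the kind of remediation policy a pipeline owner has to decide explicitly.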
• Implementation levels in DSOMM (five levels, each building on the previous one):
• Level 1: Basic understanding of security practices
• Level 2: Adoption of basic security practices
• Level 3: High adoption of security practices
• Level 4: Very high adoption of security practices
• Level 5: Advanced deployment of security practices at scale
• There are four main evaluation criteria (dimensions) in DSOMM:
Static depth: how comprehensive the static code analysis performed in the AppSec CI pipeline is (which scanners, which rule sets, which parts of the code base are covered).
Dynamic depth: how comprehensive the dynamic scan run in the AppSec CI pipeline is (which environments and which parts of the running application are exercised).
Intensity: how often the security scans in the AppSec CI pipeline run (on a schedule, on every commit, or only before releases).
Consolidation: how complete the remediation workflow for handling findings is (deduplication across tools, triage, tracking of fixes through to closure).