NULL - OpenSAMM

A presentation about processes, Secure SDLC processes, OpenSAMM and how to go about implement it

  1. Good Morning (image: http://digitalcatharsis.files.wordpress.com/2008/10/sleeping-man_ml.jpg)
  2. openSAMM: Why & How?
  3. (image) http://api.ning.com/files/OMGuiScfW0WEzLqgZ-vEG1Gocfg9TzXJ*3p8tfJVh6piUZb380lsGCXDJa0aFePIDX7qFwM16dSET5kxHSYqOcFNjdBtZiK/elephant.jpg
  4. (image) http://30dom.com/wp-content/uploads/2013/11/olympic-weight-lifting-wallpaperli-xueying-weightlifting-olympic--china-photos-and-wallpapers-nusxdel.jpg
  5. (image) http://www.veracode.com/blog/wp-content/uploads/2013/06/bug-bounty-programs.jpg
  6. (image) https://www.owasp.org/images/thumb/f/ff/Security_in_the_SDLC_Process.png/600px-Security_in_the_SDLC_Process.png
  7. (image) http://www.shipulski.com/wp-content/uploads/2012/06/Impossible.jpeg
  8. (image) https://s3.amazonaws.com/pbblogassets/uploads/2013/04/donkey-pulling-cart.jpg
  9. (image) http://devpolicy.org/wp-content/uploads/2013/08/Value-for-money.jpg
  10. (image) http://www.rms.net/roi_investreturn.gif
  11. (image) http://www.you-stylish-barcelona-apartments.com/blog/wp-content/uploads/2010/09/what-to-do.JPG.jpeg
  12. Maturity Models
      - A classification system for a set of processes / functions
      - Shows the characteristics of those processes at different levels
      - Examples: CMMI (DEV, SVC, ACQ), SSE-CMM, BSIMM, openSAMM, etc.
  13. openSAMM
      - Open Software Assurance Maturity Model
      - An OWASP project
      - An open framework to help organizations formulate and implement a strategy for software security
      - Tailored to the specific risks facing the organization
  14. openSAMM
      - Recognizes 4 types of business functions
      - Any organization performing software development would have these (the names could be different)
  15. openSAMM - Security Practices
      - 3 security practices under each business function
      - 3 objectives (one per level) under each practice:
        - 0: implied starting point, not included
        - 1: initial understanding and ad hoc provision of the practice
        - 2: increased efficiency / effectiveness of the practice
        - 3: comprehensive mastery of the practice
  16. openSAMM - Example
  17. openSAMM
      - For every level, SAMM defines: Objective, Activities, Results, Success Metrics, Costs, Personnel, Related Levels
  18. (image) http://creativeconstruction.files.wordpress.com/2013/02/how_to_do_one_thing_at_a_time.jpg
  19. (image) http://www.jasonshen.com/wp-content/uploads/2012/04/buy-in-image-560x355.jpg
  20. Step 2 - Perform Gap Assessment
  21. Step 3 - Create Roadmap / Assurance Program
  22. Step 4 - Execute with periodic reviews
      - Perform the practices / activities for level 1
      - Keep assessing until you are satisfied and the scorecard tells you so
      - Inform management with the updated roadmap periodically
      - Move to the next level after you are done with the previous one
  23. Who Am I: www.sripati.info, http://in.linkedin.com/in/sripati
  24. Credits: http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt, http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt
