SlideShare a Scribd company logo

Owasp hyd 28_dec2013_opensamm

Download as PPTX, PDF
M S Sripati, profile picture
M S Sripati

This document provides an overview of the open Software Assurance Maturity Model (openSAMM). It explains that openSAMM is an open framework to help organizations formulate and implement a strategy for software security tailored to their specific risks. It describes openSAMM's four business functions and three security practices for each function. For each level of maturity, openSAMM defines objectives, activities, results, success metrics, costs, personnel needs, and related levels. The document outlines a four-step process for using openSAMM that includes performing a gap assessment, creating a roadmap, executing the roadmap with periodic reviews, and moving to the next level of maturity.

TechnologyBusiness
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
http://digitalcatharsis.files.wordpress.com/2008/10/sleeping-man_ml.jpg Good Morning
openSAMM { Why & How?
http://api.ning.com/files/OMGuiScfW0WEzLqgZ-vEG1Gocfg9TzXJ*3p8tfJVh6piUZb380lsGCXDJa0aFePIDX7qFwM16dSET5kxHSYqOcFNjdBtZiK/elephant.jpg
http://30dom.com/wp-content/uploads/2013/11/olympic-weight-lifting-wallpaperli-xueying-weightlifting-olympic--china-photos-and-wallpapers-nusxdel.jpg
http://www.veracode.com/blog/wp-content/uploads/2013/06/bug-bounty-programs.jpg
https://www.owasp.org/images/thumb/f/ff/Security_in_the_SDLC_Process.png/600px-Security_in_the_SDLC_Process.png
http://devpolicy.org/wp-content/uploads/2013/08/Value-for-money.jpg
http://www.rms.net/roi_investreturn.gif
http://www.shipulski.com/wp-content/uploads/2012/06/Impossible.jpeg
https://s3.amazonaws.com/pbblogassets/uploads/2013/04/donkey-pulling-cart.jpg
http://www.you-stylish-barcelona-apartments.com/blog/wp-content/uploads/2010/09/what-to-do.JPG.jpeg
   Classification system for a set of processes / function Shows characteristics of processes over different levels Examples    CMMI (DEV, SVC, ACQ) SSE-CMM BSIMM, openSAMM, etc Maturity Models
Owasp hyd 28_dec2013_opensamm
   Open Software Assurance Maturity Model OWASP Project Open framework to help organizations     Formulate Implement Strategy for software security Tailored to the specific risks facing the organization openSAMM
  Recognizes 4 type of business functions Any organization performing software development would have these (names could be different) openSAMM
  3 business practices for each function 3 objectives (for levels) under each practice     0 (implied starting point, not included) 1 (initial understanding and ad hoc provision of practice) 2 (increase efficiency / effectiveness of practice) 3 (comprehensive mastery of the practice) openSAMM - Security Practices
openSAMM - Example
 For every level, SAMM defines        Objective Activities Results Success Metrics Costs Personnel Related Levels openSAMM
http://creativeconstruction.files.wordpress.com/2013/02/how_to_do_one_thing_at_a_time.jpg
http://www.jasonshen.com/wp-content/uploads/2012/04/buy-in-image-560x355.jpg
Step 2 - Perform Gap Assessment
Step 3 - Create Roadmap / Assurance Program
  Perform practices / activities for level 1 Keep assessing it till you are satisfied and the scorecard tells you to   Inform management with the updated roadmap in a periodic manner Move to next level after you are done with the previous one Step 4 - Execute with periodic reviews
  www.sripati.info http://in.linkedin.com/in/sripati Who Am I
  http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt Credits

More Related Content

DOCX
Task 3 mood board
CallumDrakeCPFC
 
DOCX
Cite sources
copelandadam
 
TXT
Auto
Onny Kusoet
 
PPTX
smartwatch
taksumi
 
PPTX
Abstracciones configuraciones
Norma Leon
 
PPTX
Slide show koby
Koby Bridges
 
DOCX
Mood board
davidhall1415
 
DOCX
Robot moodboard word
VictoriaLBS
 
Task 3 mood board
CallumDrakeCPFC
 
Cite sources
copelandadam
 
Auto
Onny Kusoet
 
smartwatch
taksumi
 
Abstracciones configuraciones
Norma Leon
 
Slide show koby
Koby Bridges
 
Mood board
davidhall1415
 
Robot moodboard word
VictoriaLBS
 

What's hot (19)

PPTX
Water and Life
Kella Randolph
 
PPT
Expansion & Industrialization
malammert
 
DOCX
Research referance images
nazaryth98
 
PDF
Usability testing and Silverback (in Japanese)
Oli Studholme
 
DOCX
Works cited
falcone123
 
PPTX
E6 motion graphic research
MartinDevney
 
PPTX
Portfolio1
chitrabhardwaj
 
PPTX
C17 gm
hindujudaic
 
PDF
Dream Jobs
Mike Kornacki
 
DOCX
Moodboard
eduriez
 
DOCX
Anexos
Daniel Mogrovejo
 
PPTX
Photographic elements
JaredTA
 
PPTX
Abstracciones
Norma Leon
 
KEY
French Power Point
Shayan Yazdani
 
PPT
Emily Imbrogno HIST 3ES3
imbrogef
 
PPTX
Ai
nutthawat
 
PPTX
Task 1 aptureure
munirba
 
PPTX
Symbiosis mutualism
Viviana Dewi
 
PPT
Darius williamsvisual resume
beatz252
 
Water and Life
Kella Randolph
 
Expansion & Industrialization
malammert
 
Research referance images
nazaryth98
 
Usability testing and Silverback (in Japanese)
Oli Studholme
 
Works cited
falcone123
 
E6 motion graphic research
MartinDevney
 
Portfolio1
chitrabhardwaj
 
C17 gm
hindujudaic
 
Dream Jobs
Mike Kornacki
 
Moodboard
eduriez
 
Anexos
Daniel Mogrovejo
 
Photographic elements
JaredTA
 
Abstracciones
Norma Leon
 
French Power Point
Shayan Yazdani
 
Emily Imbrogno HIST 3ES3
imbrogef
 
Ai
nutthawat
 
Task 1 aptureure
munirba
 
Symbiosis mutualism
Viviana Dewi
 
Darius williamsvisual resume
beatz252
 
Ad

Similar to Owasp hyd 28_dec2013_opensamm (20)

PDF
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
Denim Group
 
PDF
Running a Software Security Program with Open Source Tools (Course)
Denim Group
 
PDF
Running a Software Security Program with Open Source Tools
Denim Group
 
PPTX
How is Your AppSec Program Doing Compared to Others
Denim Group
 
PPTX
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
PDF
Introduction to Software Security Initiative
Sudarshan Narayanan
 
PDF
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Denim Group
 
PPTX
OWASP Open SAMM
intive
 
PPT
Software Security in the Real World
Mark Curphey
 
PPT
3830100.ppt
azida3
 
PDF
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
PPTX
Security in an Interconnected and Complex World of Software
Michael Coates
 
PDF
BSAMMBO
Christian Heinrich
 
PPTX
GODS
GODS IT Solutions
 
PDF
Building a Modern Security Engineering Organization. Zane Lackey
Yandex
 
PPTX
Bootstrapping an Open-Source Program Office at Blue Cross NC
All Things Open
 
PPTX
Open Source Defense for Edge 2017
Adrian Sanabria
 
PPT
Secure SDLC for Software
Shreeraj Shah
 
PDF
Software Security Engineering (Learnings from the past to fix the future) - B...
DebasisMohanty43
 
PDF
"Standing on the Shoulders of Giants" by Brian King @ eLiberatica 2008
eLiberatica
 
OWASP San Antonio: Open Software Assurance Maturity Model (OpenSAMM)
Denim Group
 
Running a Software Security Program with Open Source Tools (Course)
Denim Group
 
Running a Software Security Program with Open Source Tools
Denim Group
 
How is Your AppSec Program Doing Compared to Others
Denim Group
 
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
Introduction to Software Security Initiative
Sudarshan Narayanan
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Denim Group
 
OWASP Open SAMM
intive
 
Software Security in the Real World
Mark Curphey
 
3830100.ppt
azida3
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
Security in an Interconnected and Complex World of Software
Michael Coates
 
BSAMMBO
Christian Heinrich
 
GODS
GODS IT Solutions
 
Building a Modern Security Engineering Organization. Zane Lackey
Yandex
 
Bootstrapping an Open-Source Program Office at Blue Cross NC
All Things Open
 
Open Source Defense for Edge 2017
Adrian Sanabria
 
Secure SDLC for Software
Shreeraj Shah
 
Software Security Engineering (Learnings from the past to fix the future) - B...
DebasisMohanty43
 
"Standing on the Shoulders of Giants" by Brian King @ eLiberatica 2008
eLiberatica
 
Ad

Recently uploaded (20)

PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PPT
Teaching material agriculture food technology
LiaRayya
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Teaching material agriculture food technology
LiaRayya
 

Owasp hyd 28_dec2013_opensamm

Editor's Notes

  • #8: Management View of secure SDLC
  • #10: This is what management usually expects people to implement security
  • #11: An organization changes over time, as a result of which, business prefers indicators that show progress across various areas of implementation to gauge where we are going