null - opensamm
DESCRIPTION
A presentation about processes, Secure SDLC processes, OpenSAMM and how to go about implementing it
TRANSCRIPT
Good Morning
openSAMM
Why & How?
People / Process / Technology
Maturity Models
Classification system for a set of processes / functions
Shows characteristics of processes over different levels
Examples: CMMI (DEV, SVC, ACQ), SSE-CMM, BSIMM, openSAMM, etc.
openSAMM
Open Software Assurance Maturity Model
OWASP project: an open framework to help organizations formulate and implement a strategy for software security, tailored to the specific risks facing the organization
openSAMM
Recognizes 4 types of business functions
Any organization performing software development would have these (names could be different)
3 security practices for each function; 3 objectives (one per level) under each practice
Level 0: implied starting point, not included
Level 1: initial understanding and ad hoc provision of the practice
Level 2: increased efficiency / effectiveness of the practice
Level 3: comprehensive mastery of the practice
openSAMM - Security Practices
openSAMM - Example
For every level, SAMM defines: Objective, Activities, Results, Success Metrics, Costs, Personnel, Related Levels
openSAMM
Step 2 - Perform Gap Assessment
Step 3 - Create Roadmap / Assurance Program
Perform the practices / activities for level 1
Keep assessing it till you are satisfied and the scorecard tells you to move on
Inform management with the updated roadmap in a periodic manner
Move to the next level after you are done with the previous one
Step 4 - Execute with periodic reviews
Who Am I
www.sripati.info
http://in.linkedin.com/in/sripati
Credits
http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
http://www.opensamm.org/downloads/resources/20090602-Software%20Assurance%20Maturity%20Model.ppt