The OWASP SAMM (Software Assurance Maturity Model) is a great tool for seeing where an organisation stands in relation to an overall security-focused systems development lifecycle.

Writing secure code is not a secure SDLC. There are many other avenues to address when developing an application, from regulatory compliance through development to maintenance and deployment of the solution.

Many people mistake "secure development" for "writing secure code". They are not the same: secure code is only one part of the development lifecycle.

SAMM covers many of the aspects that must be addressed to ensure the system being developed is of high quality and adheres to the relevant external requirements. For individuals new to SAMM it is an eye-opener to see how many aspects of the SDLC need to be considered beyond just writing secure code.

SAMM is simple, and it can give you tangible metrics on "how good is our SDLC process", which is a challenge in modern software development and in security as a whole. Useful metrics that one can act on are difficult to tabulate and put into action in order to address a weakness or enhance a process.

SAMM is also a good tool from a strategic perspective, as one can develop a roadmap that depends on the nature of one's business and its external concerns.
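To make the "tangible metrics" and "roadmap" points above concrete, here is an added example (not code from the OpenSAMM project or from this post) that tabulates an assessment into per-practice maturity scores and then derives the gap against a target roadmap. It uses the twelve security practices of SAMM 1.0 grouped under its four business functions; the scoring rule is a simplified assumption (a level counts as fully achieved only when every question at that level and all lower levels is answered yes, and partial credit is given for the first incomplete level), and the sample answers and targets are constructed for illustration.

```python
# Added example: simplified SAMM 1.0 scoring and roadmap gap analysis.
# The business functions and practices are SAMM 1.0's; the scoring rule,
# sample answers and targets are constructed for this illustration.

BUSINESS_FUNCTIONS = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Verification": ["Design Review", "Code Review", "Security Testing"],
    "Deployment": ["Vulnerability Management", "Environment Hardening", "Operational Enablement"],
}
MAX_LEVEL = 3


def practice_maturity(answers):
    """Score one practice from {level: [yes/no answers]} into 0.0 .. 3.0.

    Assumed rule: each fully answered level adds 1.0; the first level that is
    not fully achieved adds its fraction of yes answers and stops the climb,
    because higher levels build on lower ones. Unanswered levels score 0.
    """
    score = 0.0
    for level in range(1, MAX_LEVEL + 1):
        questions = answers.get(level, [])
        if not questions:          # no evidence for this level: stop here
            break
        yes = sum(1 for q in questions if q)
        if yes == len(questions):  # level fully achieved, keep climbing
            score += 1.0
            continue
        score += yes / len(questions)  # partial credit, then stop
        break
    return round(score, 2)


def assess(assessment):
    """Score every SAMM practice; practices with no answers score 0."""
    return {
        practice: practice_maturity(assessment.get(practice, {}))
        for practices in BUSINESS_FUNCTIONS.values()
        for practice in practices
    }


def function_averages(scores):
    """Average practice score per business function (a coarse SDLC metric)."""
    return {
        function: round(sum(scores[p] for p in practices) / len(practices), 2)
        for function, practices in BUSINESS_FUNCTIONS.items()
    }


def roadmap_gaps(scores, targets):
    """List (practice, current, target, gap) for every target not yet met,
    largest gap first, so the roadmap can be prioritised."""
    gaps = []
    for practice, target in targets.items():
        current = scores.get(practice, 0.0)
        if current < target:
            gaps.append((practice, current, target, round(target - current, 2)))
    gaps.sort(key=lambda g: g[3], reverse=True)
    return gaps


# Constructed sample: answers per level for a few practices of an
# imaginary organisation; everything not listed is unassessed (score 0).
SAMPLE_ASSESSMENT = {
    "Code Review": {1: [True, True], 2: [True, False], 3: [False, False]},
    "Security Testing": {1: [True], 2: [True, True], 3: [True, False, False]},
    "Threat Assessment": {1: [False, True], 2: [True, True]},
    "Policy & Compliance": {1: [True, True, True], 2: [True, True], 3: [True, True]},
}

# Constructed sample roadmap phase: target maturity level per practice.
SAMPLE_TARGETS = {
    "Policy & Compliance": 3,
    "Code Review": 2,
    "Threat Assessment": 2,
    "Security Testing": 2,
    "Vulnerability Management": 1,
}

if __name__ == "__main__":
    scores = assess(SAMPLE_ASSESSMENT)
    for function, avg in function_averages(scores).items():
        print(f"{function:<13} average maturity {avg}")
    print("Roadmap gaps (largest first):")
    for practice, current, target, gap in roadmap_gaps(scores, SAMPLE_TARGETS):
        print(f"  {practice:<25} {current} -> {target} (gap {gap})")
```

With the constructed sample the largest gap is Threat Assessment (0.5 against a target of 2), followed by Vulnerability Management (unassessed) and Code Review; Security Testing and Policy & Compliance already meet their targets and drop out of the list. In a real assessment the answers would come from the SAMM assessment worksheets and the targets from the roadmap chosen for the business.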

See more here:

http://www.opensamm.org/2010/08/samm-and-the-financial-services-industry/

© Copyright 2007 ASG Ireland.