06 Jun OWASP Software Assurance Maturity Model (SAMM) pr
Download and read the document and answer all questions in the document. Please see attached document H4 & APA Criteria doc.
Question 1
OWASP Software Assurance Maturity Model (SAMM) provides a practical and measurable way for all types of organizations to analyze and improve their software security posture. The SAMM project aims to raise awareness and educate organizations on how to design, develop, and deploy secure software through the self-assessment model.
Please make sure that you’ve completed this module’s reading about SAMM. In addition, familiarize yourself with SAMM more by reviewing the following pages:
https://owaspsamm.org/guidance/quick-start-guide/
https://owaspsamm.org/release-notes-v2/ (Only consider the model)
Briefly describe each business function and list the security practices corresponding to each business function.
Question 2
SAMM comes with a toolbox, a self-assessment tool to review software development security activities against the defined quality criteria and calculate a maturity score. SAMM toolbox can also be used to identify and follow a roadmap for more mature software development practices.
Download the SAMM toolbox (excel file) from https://github.com/OWASP/samm/tree/master/Supporting%20Resources/v2.0/toolbox
Open the file and click the “Interview” sheet.
In the first column of the table below, you see the pieces that makeup SAMM. Find the corresponding instances for each piece (within the “Interview” sheet). Fill out the table accordingly.
|
Pieces that makeup SAMM |
Type Cell Number Here (e.g., Type A7 to denote one cell / A1:A7 to mean a group of contiguous cells) |
Paste Cell Content Here |
|
Business function |
||
|
Security practice |
||
|
Stream |
||
|
Activity |
||
|
Maturity level |
Question 3
Visit online maturity calculator prepared by one of SAMM sponsors: https://concordusa.com/SAMM/. Select one of the business functions. Answer the questionnaire and paste the results screen.
