Pavel Radchuk - SAMM: Understanding Agile in Security

OWASP Kyiv
December 03, 2017

OWASP Kyiv Winter 2017 Meetup, Dec 2, 2017

  1. MS SDL for Agile. The Microsoft Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.

  2. MS SDL: is it THAT agile?
     • Needs to be fully implemented
     • All functions are necessary
     • Doesn't deal with business restrictions

  3. OWASP SAMM. The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.

  4. SAMM structure. Business function • Objective • Activities • Assessment • Results • Success Metrics • Costs • Personnel • Related Levels

  5. SAMM 2.0: adjusting to DevOps. SAMM overview, the business functions of the software assurance lifecycle and the security practices under each:
     • Governance: Strategy & Metrics, Policy & Compliance, Education & Guidance
     • Construction: Threat Assessment, Security Requirements, Secure Architecture
     • Build & Deploy: Secure Build, Secure Deployment, Defect Management
     • Verification: Design Analysis, Implementation Review, Security Testing
     • Operations: Issue Management, Environment Hardening, Operational Enablement

  6. SAMM 2.0 is planned to be presented at the OWASP 2018 Summer Summit. OWASP SAMM repository:

  7. SAMM. Get involved. Special thanks to Yan Kravchenko, one of the SAMM developers. If you want to contribute to the project, or you just have some interesting opinions, contact OWASP members.