Commit

deploy: 1dbe03e
SebaDele committed Sep 14, 2024
1 parent 0b7f96c commit a13a6d1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion user-day/implementing-5-levels-of-cmm-for-ssdlc/index.html
@@ -3,7 +3,7 @@
<span class=sr-only>User day - go to homepage</span></a><div class=navbar-buttons><button type=button class="navbar-toggle btn-template-main" data-toggle=collapse data-target=#navigation>
<span class=sr-only>Toggle Navigation</span>
<i class="fa fa-align-justify"></i></button></div></div><div class="navbar-collapse collapse" id=navigation><ul class="nav navbar-nav navbar-right"><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>About SAMM <span class=caret></span></a><ul class=dropdown-menu><li><a href=/about/>What is SAMM</a></li><li><a href=/team/>The team</a></li></ul></li><li class=dropdown><a href=/model/>The model</a></li><li class=dropdown><a href=/resources/>Resources</a></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Guidance <span class=caret></span></a><ul class=dropdown-menu><li><a href=/guidance/quick-start-guide/>Getting started</a></li><li><a href=/assessment/>Assessment</a></li><li><a href=/guidance/agile/>Agile</a></li><li><a href=/benchmark/>Benchmark</a></li><li><a href=/stream-guidance/>Stream guidance</a></li></ul></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Community <span class=caret></span></a><ul class=dropdown-menu><li><a href=/blog/>Blog</a></li><li><a href=/user-day/>User Day</a></li><li><a href=/sponsors/>Sponsors</a></li><li><a href=/samm-users/>Users</a></li><li><a href=/practitioners/>Practitioners</a></li><li><a href=/faq/>FAQ</a></li><li><a href=/contributing/>Contributing</a></li><li><a href=/contact/>Contact</a></li></ul></li></ul></div><div class="collapse clearfix" id=search><form class=navbar-form role=search><div class=input-group><input type=text class=form-control placeholder=Search>
<span class=input-group-btn><button type=submit class="btn btn-template-main"><i class="fa fa-search"></i></button></span></div></form></div></div></div></div></header><div id=heading-breadcrumbs><div class=container><div class=row><div class=col-md-12><h1>User day</h1></div></div></div></div><div id=content><div class=container><div class=row><div class="col-md-12 samm-page-content"><div class=heading><h2>Implementing 5 levels of Capability Maturity Model (CMM) for Secure Software Development Life Cycle (SSDLC)</h2></div><div class=row><div class=col-md-3><img src=/img/people/Jamil_Ahmed.jpeg class=img-left style=max-width:200px alt="speaker picture"></div><div class=col-md-9><h3>Jamil Ahmed</h3></br></br><p>Codific</br>Co-founder</p></div></div><div class=row><div class=col-md-12><h2>Abstract</h2><p><p>Capability Maturity Model (CMM)<br>The Capability Maturity Model (CMM) has advanced to effectively evaluate the maturity of software and the Software Development Life Cycle (SDLC). While the importance of CMM for SDLC is clear, a functional CMM specifically designed for the Secure Software Development Lifecycle (SSDLC) across all five levels is not widely recognized or adopted within the application security community and software engineering teams.<br>CMM aims to assess an organization&rsquo;s capabilities through five levels: Initial, Managed, Defined, Quantitatively Managed, and Optimized.</p><p>Origin<br>OWASP Software Assurance Maturity Model (SAMM) is the relevant CMM to SSDLC.
<span class=input-group-btn><button type=submit class="btn btn-template-main"><i class="fa fa-search"></i></button></span></div></form></div></div></div></div></header><div id=heading-breadcrumbs><div class=container><div class=row><div class=col-md-12><h1>User day</h1></div></div></div></div><div id=content><div class=container><div class=row><div class="col-md-12 samm-page-content"><div class=heading><h2>Implementing 5 levels of Capability Maturity Model (CMM) for Secure Software Development Life Cycle (SSDLC)</h2></div><div class=row><div class=col-md-3><img src=/img/people/Jamil_Ahmed.jpeg class=img-left style=max-width:200px alt="speaker picture"></div><div class=col-md-9><h3>Jamil Ahmed</h3></br></br><p>Fortis Games</br>Senior Application Security Engineer</p></div></div><div class=row><div class=col-md-12><h2>Abstract</h2><p><p>Capability Maturity Model (CMM)<br>The Capability Maturity Model (CMM) has advanced to effectively evaluate the maturity of software and the Software Development Life Cycle (SDLC). While the importance of CMM for SDLC is clear, a functional CMM specifically designed for the Secure Software Development Lifecycle (SSDLC) across all five levels is not widely recognized or adopted within the application security community and software engineering teams.<br>CMM aims to assess an organization&rsquo;s capabilities through five levels: Initial, Managed, Defined, Quantitatively Managed, and Optimized.</p><p>Origin<br>OWASP Software Assurance Maturity Model (SAMM) is the relevant CMM to SSDLC.
I have devices a functional CMM for SSDLC based on SAMM. This maturity model is devised around important security domains of SSDLC. Although, SAMM provides a good foundation but it is limited to 3 levels. The proposed maturity model of this talk is comprised of 5 typical levels of CMM.</p><p>Objective<br>Shifting left is crucial for improving the security posture of an organization’s software development processes. Therefore, it is essential that the CMM for SSDLC supports the shift-left approach at each of its five levels. As organizations progress to higher maturity levels, they need to implement more shift-left practices.</p><p>Security Domains and Categories<br>The maturity model organizes Secure Software Development Lifecycle (SSDLC) practices into nine major security domains i.e. Security Policy and standards, Security Role and Culture, Security Training, Asset Inventory, Application Architecture Assessment, Building Source Code, Secure Deployment, Dynamic Application Scanning, Security Testing.</p><p>The full model includes descriptions, criteria, and guidelines for achieving these criteria at each of the five levels.</p><p>In the talk, I will share the complete maturity model.</p></p></div></div><div class=row><div class=col-md-12><a href=/user-day>Back to the User Day page</a></div></div><div class=samm-content-with-space></div></div></div></div></div><footer id=footer><div class=container><div class="col-md-8 col-sm-6"><h4>About us</h4><p>This is an OWASP Project.</br>OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. 
All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.</p><div class=social><a href=https://github.com/owaspsamm target=_blank style=opacity:1><i class="fab fa-2x fa-github"></i></a><a href=https://owasp.slack.com/messages/C0VF1EJGH target=_blank style=opacity:1><i class="fab fa-2x fa-slack"></i></a><a href=https://www.linkedin.com/company/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-linkedin-in"></i></a><a href=https://twitter.com/OwaspSAMM target=_blank style=opacity:1><i class="fa-brands fa-2x fa-x-twitter"></i></a><a href=https://www.meetup.com/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-meetup"></i></a><a href=https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g target=_blank style=opacity:1><i class="fa fa-2x fa-youtube"></i></a><a href=mailto:[email protected] target=_blank style=opacity:1><i class="fa fa-2x fa-envelope"></i></a></div><hr class="hidden-md hidden-lg hidden-sm"></div><div class="col-md-4 col-sm-6"><a href=https://owasp.org target=_blank><img src=https://owaspsamm.org//img/owasp_logo_1c_w_notext.png alt="User day"></a></div></div></footer><div id=copyright><div class=container><div class=col-md-12><p class=pull-left>OWASP SAMM is published under the
<a href=https://creativecommons.org/licenses/by-sa/4.0/>CC BY-SA 4.0 license</a>
and we share the
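Review bot: The replaced speaker line still carries `</br>` closing tags (`<h3>Jamil Ahmed</h3></br></br><p>Fortis Games</br>Senior Application Security Engineer</p>`); `br` is a void element, so `</br>` is invalid HTML and browsers treat it as a stray `<br>`. Since this deploy already regenerates that line, the speaker template in the site source should emit `<br>` instead. The same hunk's unchanged context shows two further issues worth fixing at the source rather than in this generated `index.html`: the abstract is wrapped as `<p><p>...</p></p>` (nested paragraphs, which the parser closes early), and the sentence "I have devices a functional CMM for SSDLC based on SAMM." reads as "devised". The commit message `deploy: 1dbe03e` also does not mention that the only content change is the speaker's affiliation moving from Codific / Co-founder to Fortis Games / Senior Application Security Engineer; a one-line note would make that easier to find in the history.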