SAMM Metrics for Enterprises


Why

OWASP SAMM is not geared for this out of the box, but can be leveraged very effectively to help large organizations manage application portfolios.

What

  • Evaluating hundreds (or thousands) of apps through OpenSAMM
  • Correlating risks for complete picture
  • Decisions, supported by metrics, to help drive AppSec forward
  • Getting AppSec initiatives funded
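As an added illustration (not part of this working-session page, and not OWASP's own tooling), the following Python script shows the kind of portfolio roll-up the points above describe: it takes per-application OpenSAMM practice scores, weights them by business criticality, and derives function-level averages, coverage percentages, risk hotspots and a ranked funding list. The practice abbreviations and the four business functions follow the OpenSAMM 1.x layout; the portfolio data is constructed for the example.

```python
"""Portfolio-level OpenSAMM metrics (added example with constructed data)."""
from statistics import mean

# OpenSAMM 1.x security practices grouped by business function.
PRACTICES = {
    "Governance":   ["SM", "PC", "EG"],
    "Construction": ["TA", "SR", "SA"],
    "Verification": ["DR", "CR", "ST"],
    "Operations":   ["VM", "EH", "OE"],
}
ALL_PRACTICES = [p for group in PRACTICES.values() for p in group]
MAX_LEVEL = 3

# Constructed sample portfolio: app -> (business criticality 1..3, score per practice 0..3).
PORTFOLIO = {
    "payments-api":   (3, dict(SM=2, PC=1, EG=2, TA=1, SR=2, SA=1, DR=0, CR=1, ST=2, VM=2, EH=1, OE=1)),
    "hr-portal":      (2, dict(SM=1, PC=1, EG=1, TA=0, SR=1, SA=0, DR=0, CR=0, ST=1, VM=1, EH=1, OE=1)),
    "marketing-site": (1, dict(SM=1, PC=0, EG=1, TA=0, SR=0, SA=0, DR=0, CR=0, ST=0, VM=1, EH=0, OE=1)),
    "mobile-bank":    (3, dict(SM=2, PC=2, EG=2, TA=2, SR=2, SA=2, DR=1, CR=2, ST=2, VM=2, EH=2, OE=2)),
}


def validate(portfolio):
    """Reject incomplete or out-of-range assessments before aggregating."""
    for app, (crit, scores) in portfolio.items():
        if crit not in (1, 2, 3):
            raise ValueError(f"{app}: criticality must be 1..3, got {crit}")
        missing = set(ALL_PRACTICES) - set(scores)
        if missing:
            raise ValueError(f"{app}: missing practices {sorted(missing)}")
        for practice, level in scores.items():
            if not 0 <= level <= MAX_LEVEL:
                raise ValueError(f"{app}: {practice} level {level} out of range")


def practice_averages(portfolio):
    """Unweighted mean maturity level per practice across the portfolio."""
    validate(portfolio)
    return {p: mean(scores[p] for _, scores in portfolio.values()) for p in ALL_PRACTICES}


def function_scores(portfolio):
    """Mean of the practice averages within each business function."""
    avg = practice_averages(portfolio)
    return {fn: mean(avg[p] for p in group) for fn, group in PRACTICES.items()}


def weighted_coverage(portfolio, practice, min_level=1):
    """Share of criticality-weighted apps at or above min_level for one practice."""
    validate(portfolio)
    total = sum(crit for crit, _ in portfolio.values())
    covered = sum(crit for crit, s in portfolio.values() if s[practice] >= min_level)
    return covered / total


def risk_hotspots(portfolio, min_level=1, min_criticality=3):
    """(app, practice) pairs where a high-criticality app sits below min_level."""
    validate(portfolio)
    return sorted(
        (app, p)
        for app, (crit, scores) in portfolio.items()
        for p in ALL_PRACTICES
        if crit >= min_criticality and scores[p] < min_level
    )


def funding_priorities(portfolio, min_level=1):
    """Practices ranked by criticality-weighted gap to min_level (largest first)."""
    validate(portfolio)
    gap = {}
    for p in ALL_PRACTICES:
        gap[p] = sum(crit * max(0, min_level - scores[p]) for crit, scores in portfolio.values())
    return sorted(gap.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for fn, score in function_scores(PORTFOLIO).items():
        print(f"{fn:13s} {score:.2f} / {MAX_LEVEL}")
    print("Hotspots:", risk_hotspots(PORTFOLIO))
    print("Funding order:", funding_priorities(PORTFOLIO)[:3])
```

The weighting by business criticality is what turns a flat list of assessments into the "complete picture" the session aims for: a missing Design Review on a Tier-3 payments service counts for more than the same gap on a brochure site, and the ranked gap list gives a funding request a number to stand behind.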

Outcomes

  • Compile the list of OpenSAMM controls that should be done by central security teams
  • Compile the list of OpenSAMM controls that should be done by individual teams (operational/development)
  • Create a Top 10 questions for enterprises that the OpenSAMM based assessment should answer

Who

The target audience for this Working Session is:

  • CISOs
  • Future CISOs
  • Metrics analysts
  • AppSec analysts

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions).

Content

  • Definition of OpenSAMM for enterprises (please add content)

Related Working Session(s)


