SAMM - Introduction to Generic DevOps Security Maturity Model


Why

Get an understanding of DevOps vocabulary and see how we could reuse parts of, or the complete, GDOSMM.

What

  • Introduction of the model
  • see link http://gdosmm-translation.timo-pagel.de/ (model)
  • see link https://drive.google.com/open?id=1rrbyXqxy3LXAJNPFrVH99mj_BNaJKymMsXZItYArWEM (presentation)
  • Discussion on usability within SAMM?

Outcomes

Synopsis and Takeaways

  • No need to change the core model, but reviewing the SAMM activities is important to ensure they are implementation-neutral
  • In addition, implementation advice can be included for different roles and processes, e.g. DevOps, Waterfall and Agile
  • GDOSMM is a potential implementation subset of SAMM
  • An evening session was agreed for model mapping SAMM to GDOSMM
  • The effort/impact dimensions suggested make for an interesting addition to activities

Who

The target audience for this Working Session is:

  • Security champions
  • Security architects
  • DevOps Roles
  • CISOs

Working materials

Here are the current ‘work in progress’ materials for this session

(please add as much information as possible before the sessions)


