SAMM - Introduction to Generic DevOps Security Maturity Model

Introduction to Generic DevOps Security Maturity Model


Get an understanding of DevOps vocabulary and see how we could reuse parts of, or the complete, GDOSMM.


  • Introduction of the model
  • see link (model)
  • see link (presentation)
  • Discussion on usability within SAMM?


Synopsis and Takeaways

  • No need to change the core model, but reviewing the SAMM activities is important to ensure they are implementation-neutral
  • In addition, implementation advice can be included for different roles and processes, e.g. DevOps, Waterfall and Agile
  • GDOSMM is a potential implementation subset of SAMM
  • An evening session was agreed for a model mapping of SAMM to GDOSMM
  • The effort/impact dimensions suggested make for an interesting addition to activities


The target audience for this Working Session is:

  • Security champions
  • Security architects
  • DevOps Roles
  • CISOs

Working materials

Here are the current ‘work in progress’ materials for this session

(please add as much information as possible before the sessions)
