
Results 47 DevSecOps-MaturityModel issues

Next Open Security Summit (April 2021), I will give a DSOMM Introduction to do a workshop (involving the participants) afterwards. Do you have ideas for (sub)-dimensions/activities to discuss? What is...

As an ISO 2700X auditor I want to see all controls for a specific domain. Therefore, the given ordering is not sufficient and needs to be re-worked. @ioggstream

I am seeing more and more issues around referencing controls, actions and risks. Instead of further relying on a flat file system I suggest using a relational database. Doctrine would...

## I propose - to associate standards to a given action, use a list ### Proposal 1 ``` references: - iso27001: xxx ``` ### Proposal 2 ``` references: iso27001-2017: -...

## Further references to be considered - [ ] [NIST SP 800-63-3](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf) - [ ] https://csrc.nist.gov/projects/cyber-supply-chain-risk-management

## Question ### Q1 The `Dimensions` part in [USAGE.md] is copied from [owasp_in_sdlc](https://github.com/OWASP/www-project-integration-standards/blob/master/writeups/owasp_in_sdlc/index.md). It could make sense to automatically integrate stuff from there. ### Q2 Consider not suggesting libraries in...

## I wish - risks to be in a vocabulary ## Note - Risks are frequently reused; having a "vocabulary" would make it easier to manage them - A vocabulary...

Gartner has built their view on DevSecOps, and value can be found in what they have created. [https://www.techwire.net/sponsored/integrating-security-into-the-devsecops-toolchain.html](https://www.techwire.net/sponsored/integrating-security-into-the-devsecops-toolchain.html) ![](https://media.erepublic.com/image/gartner-graphic.png) The flow, as outlined by Gartner, has the following stages: -...

While proactive actions are given, the reactive actions need improvements.

The heatmap on the stable release seems to be broken on Firefox. ![image](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/assets/53595853/63a92737-3555-4eea-bfe2-d75dd44335b3) @wurstbrot if you can confirm this issue, I can start working on it