ISEC 620 Homework 4

Question 1

The OWASP Software Assurance Maturity Model (SAMM) provides a practical and measurable way for organizations of all types to analyze and improve their software security posture. The SAMM project aims to raise awareness and educate organizations on how to design, develop, and deploy secure software through its self-assessment model.


Please make sure that you have completed this module's reading about SAMM. In addition, familiarize yourself further with SAMM by reviewing the following pages (only consider the model):


Briefly describe each business function and list the security practices corresponding to each business function.

Question 2

SAMM comes with a toolbox, a self-assessment tool for reviewing software development security activities against the defined quality criteria and calculating a maturity score. The SAMM toolbox can also be used to identify and follow a roadmap toward more mature software development practices.


Download the SAMM toolbox (Excel file) from

Open the file and click the "Interview" sheet.


In the first column of the table below, you see the pieces that make up SAMM. Find the corresponding instances of each piece within the "Interview" sheet and fill out the table accordingly.


Pieces that make up SAMM | Type Cell Number Here (e.g., A7 to denote one cell; A1:A7 to mean a group of contiguous cells) | Paste Cell Content Here
Business function        |                                                                                                |
Security practice        |                                                                                                |
Maturity level           |                                                                                                |



Question 3

Visit the online maturity calculator prepared by one of the SAMM sponsors: Select one of the business functions, answer the questionnaire, and paste the results screen.

Question 4 – Weekly Learning and Reflection

In two to three paragraphs of prose (i.e., sentences, not bullet lists), using APA-style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you are still confused about, or ask a question about the content or the field. In other words, you should think and write critically not just about what was presented but also about what you have learned through the session. Questions asked here will be summarized and answered anonymously in the next class.

