13 April 2017

Africa: OWASP SAMM v1.5 Helps Organizations Improve Their Security Posture


Bel Air — According to a recent study published by SANS, 23% of respondents said that applications were the source of actual breaches, data loss and attacks on others, and only 25% of the respondents believe they have a mature application security program.


OWASP SAMM v1.5 is built to help organizations formulate and implement a strategy for software security that is tailored to organization-specific risks. With SAMM v1.5, organizations can accurately evaluate their existing software security practices and steadily improve their security posture over time in well-defined iterations designed to meet their unique needs.

The new SAMM scoring model helps demonstrate concrete improvements to security-related activities throughout an organization. SAMM is one of the very few mature and open resources available to help organizations measure and build software security programs.

"Our main goal for version 1.5 was to support our large user community by incorporating their feedback and improving the measurement system of the model," says Bart De Win, co-project leader of OWASP SAMM.

OWASP SAMM v1.5 improves the granularity of scoring, allowing partial credit for achieving maturity benchmarks. This, coupled with the matching scoring system, makes it easy to see maturity improvements from projects and initiatives on a dashboard. SAMM project co-lead Brian Glas notes, "One of the main benefits of the updated scoring model is that you can visibly see improvement to your maturity score on the dashboard as initiatives are completed. This can go a long way in building support for your Application Security Program."

Version 1.5 has enhanced explanations of the maturity model, with worksheets and guidance containing example case studies, which allow organizations not only to understand where they are, but also to understand what has worked (and what hasn't) for others in similar scenarios.

This is a continuing effort with more improvements expected in v2.0. Implementing SAMM is easier with a new Quick Start guide and Tool Box that includes interview forms and the ability to generate roadmaps, charts, and graphs. The increased ease of adoption has led some companies to begin evaluation with v1.5 despite recent setup of v1.1. Mike Craigue from Dell Cybersecurity explains, "We've already started using version 1.5 of the tool internally, and we've gotten an enthusiastic response to the enhanced scoring and easy-to-generate charts."

The OWASP SAMM project leaders are Sebastien Deleersnyder, Bart De Win, and Brian Glas.

To learn more, visit https://www.owasp.org/index.php/SAMM

Follow OWASP SAMM on Twitter: @owaspsamm. For additional information, contact owasp.foundation@owasp.org.


Copyright © 2017 PR Newswire. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com).
