Good Morning

openSAMM: Why & How?

[Image-only slides: sleeping man; elephant; Olympic weightlifting; bug bounty programs; Security in the SDLC Process (OWASP); Impossible; donkey pulling cart; value for money; ROI (return on investment); what to do]






Maturity Models

- A classification system for a set of processes / functions
- Shows the characteristics of processes over different levels
- Examples:
  - CMMI (DEV, SVC, ACQ)
  - SSE-CMM
  - BSIMM, openSAMM, etc.




openSAMM

- Open Software Assurance Maturity Model
- OWASP Project
- Open framework to help organizations formulate and implement a strategy for software security
- Tailored to the specific risks facing the organization




openSAMM

- Recognizes 4 types of business functions
- Any organization performing software development would have these (the names could be different)



openSAMM - Security Practices

- 3 security practices for each business function
- 3 objectives (one per maturity level) under each practice:
  - 0 (implied starting point, not included)
  - 1 (initial understanding and ad hoc provision of the practice)
  - 2 (increased efficiency / effectiveness of the practice)
  - 3 (comprehensive mastery of the practice)

openSAMM - Example

openSAMM

For every level, SAMM defines:
- Objective
- Activities
- Results
- Success Metrics
- Costs
- Personnel
- Related Levels
[Image-only slides: how to do one thing at a time; buy-in]
Step 2 - Perform Gap Assessment

Step 3 - Create Roadmap / Assurance Program

Step 4 - Execute with periodic reviews

- Perform the practices / activities for level 1
- Keep assessing it until you are satisfied and the scorecard tells you to
- Inform management with the updated roadmap in a periodic manner
- Move to the next level after you are done with the previous one
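As an added example (not from the slides and not OpenSAMM project code), the Python below carries steps 2 to 4 through in code: a gap assessment per practice against target levels, a phased roadmap that raises each practice one level at a time so level 2 is only planned after level 1 is done, and a periodic review that reports which practices actually moved (including regressions, which management should hear about). The business function and practice names are those of OpenSAMM 1.0; the assessed, target and re-assessed levels are constructed sample data for a hypothetical organization.

```python
from __future__ import annotations
from dataclasses import dataclass

# Business functions and security practices as named in OpenSAMM 1.0:
# 4 functions, 3 practices each.
SAMM_PRACTICES = {
    "Governance": ("Strategy & Metrics", "Policy & Compliance", "Education & Guidance"),
    "Construction": ("Threat Assessment", "Security Requirements", "Secure Architecture"),
    "Verification": ("Design Review", "Code Review", "Security Testing"),
    "Deployment": ("Vulnerability Management", "Environment Hardening", "Operational Enablement"),
}
MAX_LEVEL = 3  # 0 = implied starting point, 3 = comprehensive mastery
ALL_PRACTICES = {p for ps in SAMM_PRACTICES.values() for p in ps}


@dataclass(frozen=True)
class PracticeScore:
    function: str
    practice: str
    current: int
    target: int

    @property
    def gap(self) -> int:
        return self.target - self.current


def _level(value: int) -> int:
    """Reject anything that is not a maturity level 0..3."""
    if not isinstance(value, int) or not 0 <= value <= MAX_LEVEL:
        raise ValueError(f"maturity level must be an integer 0..{MAX_LEVEL}, got {value!r}")
    return value


def gap_assessment(current: dict[str, int], target: dict[str, int]) -> list[PracticeScore]:
    """Step 2: compare assessed levels with target levels, practice by practice.
    Practices missing from either dict default to level 0 (the implied start)."""
    unknown = (set(current) | set(target)) - ALL_PRACTICES
    if unknown:
        raise ValueError(f"not OpenSAMM 1.0 practices: {sorted(unknown)}")
    scores = []
    for function, practices in SAMM_PRACTICES.items():
        for practice in practices:
            cur, tgt = _level(current.get(practice, 0)), _level(target.get(practice, 0))
            if tgt < cur:
                raise ValueError(f"{practice}: target level {tgt} is below current level {cur}")
            scores.append(PracticeScore(function, practice, cur, tgt))
    return scores


def function_scorecard(scores: list[PracticeScore]) -> dict[str, dict]:
    """Per business function: average current level, average target level, open gaps."""
    card = {}
    for function in SAMM_PRACTICES:
        rows = [s for s in scores if s.function == function]
        card[function] = {
            "current": round(sum(s.current for s in rows) / len(rows), 2),
            "target": round(sum(s.target for s in rows) / len(rows), 2),
            "open_gaps": [s.practice for s in rows if s.gap > 0],
        }
    return card


def build_roadmap(scores: list[PracticeScore]) -> list[list[tuple[str, int]]]:
    """Step 3: phased roadmap. Each phase raises every practice that still has a
    gap by exactly one level, so a practice is planned for level 2 only after
    level 1 has been completed (and re-assessed) in the previous phase."""
    phases = []
    remaining = {s.practice: (s.current, s.target) for s in scores}
    while any(cur < tgt for cur, tgt in remaining.values()):
        phase = []
        for practice, (cur, tgt) in remaining.items():
            if cur < tgt:
                phase.append((practice, cur + 1))
                remaining[practice] = (cur + 1, tgt)
        phases.append(phase)
    return phases


def review_progress(previous: list[PracticeScore], reassessed: dict[str, int]) -> dict[str, tuple[int, int]]:
    """Step 4: after executing a phase, re-assess and report what actually moved.
    Returns {practice: (old_level, new_level)} for every practice whose level
    changed, regressions included; practices not re-assessed keep their old level."""
    changes = {}
    for s in previous:
        new = _level(reassessed.get(s.practice, s.current))
        if new != s.current:
            changes[s.practice] = (s.current, new)
    return changes


# Constructed sample data for a hypothetical organization (not a real assessment).
ASSESSED = {"Strategy & Metrics": 1, "Code Review": 1, "Security Testing": 2, "Vulnerability Management": 1}
TARGET = {"Strategy & Metrics": 2, "Policy & Compliance": 1, "Education & Guidance": 1,
          "Threat Assessment": 1, "Security Requirements": 2, "Secure Architecture": 1,
          "Design Review": 1, "Code Review": 2, "Security Testing": 3,
          "Vulnerability Management": 2, "Environment Hardening": 1, "Operational Enablement": 1}
REASSESSED = {"Design Review": 1, "Code Review": 2, "Security Testing": 1}  # one regression

if __name__ == "__main__":
    scores = gap_assessment(ASSESSED, TARGET)
    for function, row in function_scorecard(scores).items():
        print(f"{function:13s} current {row['current']:.2f}  target {row['target']:.2f}  "
              f"gaps: {', '.join(row['open_gaps']) or 'none'}")
    for n, phase in enumerate(build_roadmap(scores), 1):
        print(f"Phase {n}: " + ", ".join(f"{p} -> level {lvl}" for p, lvl in phase))
    print("Review:", review_progress(scores, REASSESSED))
```

The roadmap deliberately refuses to skip levels: with the sample data every practice gets one step in phase 1 and only Security Requirements (targeted at level 2 from level 0) appears in phase 2. The review step is where the "periodic" part of step 4 lives; feeding it the re-assessed levels gives management the delta rather than a restated plan.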



Who Am I

www.sripati.info
http://in.linkedin.com/in/sripati

Credits

http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt

NULL - OpenSAMM

Editor's notes

  1. Talk about how this talk is going to benefit people who want to stay connected to security but are finding it difficult to do so in the absence of a formal transition (e.g., developer, tester, etc.). Also tell them how it is a very good thing to do if you want to jump onto the technical side of security but are currently in some other job that has little relationship with security.
  2. Ask them what they think of this image, and get onto the different perceptions that everyone has of their work and its impact on the business (bottom line: every role / piece of work is important to client satisfaction, but no one is ready to accept it, except the business).
  3. Ask everyone about their work and how they go about it, then move on to why it is a process (a way of doing things), and why a change in any of the three (people, process, and technology) results in better client satisfaction.
  4. Talk about how many things have forced people to come to terms with the fact that application security should be implemented from the beginning, and not patched in at the end (otherwise the money just piles up).
  5. So this gives rise to Secure SDLCs. However, in the absence of a structured approach to implementing one, and of a way to measure progress and benchmark, management sometimes makes unrealistic plans / schedules, which look like this:
  6. This is how management usually expects people to implement security.
  7. Can you tell me what is lacking here (people, process or technology)?
  8. Management view of a secure SDLC.