OWASP DevSecOps Maturity Model



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Description
From startups to multinational corporations, the software development industry is currently dominated by agile frameworks and product teams and, as part of that, DevOps strategies. It has been observed that during implementation, security aspects are usually neglected or at least not sufficiently taken into account. It is often the case that the standard safety requirements of the production environment are not applied to the build pipeline in the continuous integration environment with containerization, concretely Docker. As a result, the Docker registry is often not secured, which might result in the theft of the entire company’s source code.

The DevSecOps Maturity Model, which is presented in the talk, shows security measures which are applied when using DevOps strategies and how these can be prioritized.

DevOps strategies can also be used to enhance security. For example, each component in a Docker image, such as application libraries and operating system libraries, can be tested for known vulnerabilities.

Attackers are intelligent and creative, equipped with new technologies and purpose. Under the guidance of the forward-looking DevSecOps Maturity Model, appropriate principles and measures are at hand to counteract their attacks.

Licensing
The project's code is licensed under the GNU GENERAL PUBLIC LICENSE Version 3. The intellectual property is licensed under Attribution-ShareAlike.

Roadmap
Get more visibility.

Add mapping to OWASP SAMM as soon as a stable version 2 is out.

Getting Involved
In case you have ideas for improvements for the application, please create a pull request.

In case you have ideas to adjust the model, please create a pull request with an appropriate description. In a maturity model, a first check of the new or changed activities against the ease of implementation and the value in the same sub-dimension should be performed. Afterwards, the ease of implementation and the value need to be compared against activities in the same dimension and in other dimensions. Documentation of the comparison needs to be added to the pull request.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
View the model

Github

DevSecOps Maturity Model

Continuous Application Security Testing for Enterprise (with DevSecOps Maturity Model)

Project Leader
Timo Pagel

Related Projects

 * OWASP SAMM

Classifications

 * }