SAMMY UI is optimized for resolutions with a width 1024px and higher.
DSOMM
Browse DSOMM
O-EG-1-1: Ad-Hoc Security trainings for software developers
O-EG-1-2: Security consulting on request
O-EG-2-1: Each team has a security champion
O-EG-2-2: Regular security training for all
O-EG-2-3: Regular security training of security champions
O-EG-2-4: Reward of good communication
O-EG-2-5: Security code review
O-EG-3-1: Conduction of build-it, break-it, fix-it contests
O-EG-3-2: Security Coaching
O-EG-3-3: Security-Lessoned-Learned
O-EG-3-4: Simple mob hacking
O-EG-4-1: Aligning security in teams
O-EG-4-2: Conduction of collaborative team security checks
O-EG-4-3: Conduction of war games
O-EG-4-4: Regular security training for externals
O-EG-5-1: Conduction of collaborative security checks with developers and system administrators
Each team has a security champion
O-EG-2-1: Each team has a security champion
  • Each team defines an individual to be responsible for security. These individuals are often referred to as 'security champions'
Description

Implement a program where each software development team has a member considered a “Security Champion” who is the liaison between Information Security and developers. Depending on the size and structure of the team the “Security Champion” may be a software developer, tester, or a product manager. The “Security Champion” has a set number of hours per week for Information Security related activities. They participate in periodic briefings to increase awareness and expertise in different security disciplines. “Security Champions” have additional training to help develop these roles as Software Security subject-matter experts. You may need to customize the way you create and support “Security Champions” for cultural reasons. The goals of the position are to increase effectiveness and efficiency of application security and compliance and to strengthen the relationship between various teams and Information Security. To achieve these objectives, “Security Champions” assist with researching, verifying, and prioritizing security and compliance related software defects. They are involved in all Risk Assessments, Threat Assessments, and Architectural Reviews to help identify opportunities to remediate security defects by making the architecture of the application more resilient and reducing the attack threat surface. Source: OWASP SAMM