PO.2.3: Obtain upper management or authorizing official commitment to secure development, and convey that commitment to all with development-related roles and responsibilities.
Example 1: Appoint a single leader or leadership team to be responsible for the entire secure software development process, including being accountable for releasing software to production and delegating responsibilities as appropriate.
Example 2: Increase authorizing officials’ awareness of the risks of developing software without integrating security throughout the development life cycle and the risk mitigation provided by secure development practices.
Example 3: Assist upper management in incorporating secure development support into their communications with personnel with development-related roles and responsibilities.
Example 4: Educate all personnel with development-related roles and responsibilities on upper management’s commitment to secure development and the importance of secure development to the organization.