SAMMY works best on screens 1024px wide or larger.
NIST SSDF
Browse NIST SSDF
RV.1.1 RV.1.2 RV.1.3
Threat Intelligence
RV.1.1: Gather information from software acquirers, users, and public sources on potential vulnerabilities in the software and third-party components that the software uses, and investigate all credible reports.
  • Example 1: Monitor vulnerability databases, security mailing lists, and other sources of vulnerability reports through manual or automated means.
  • Example 2: Use threat intelligence sources to better understand how vulnerabilities in general are being exploited.
  • Example 3: Automatically review provenance and software composition data for all software components to identify any new vulnerabilities they have.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Gather information from software acquirers, users, and public sources on potential vulnerabilities in the software and third-party components that the software uses, and investigate all credible reports.