Fork me on GitHub

Matrix

OWASP DevSecOps Maturity Model
DimensionSub-DimensionLevel 1: Basic understanding of security practicesLevel 2: Adoption of basic security practicesLevel 3: High adoption of security practicesLevel 4: Advanced deployment of security practices at scale
Build and DeploymentBuild
    Build and DeploymentDeployment
    Build and DeploymentPatch Management
      Culture and OrganizationDesign
        Culture and OrganizationEducation and Guidance
        Culture and OrganizationProcess
            ImplementationApplication Hardening
            ImplementationDevelopment & Source Control
              ImplementationInfrastructure Hardening
              ImplementationVersion Control
                  Information GatheringLogging
                  Information GatheringMonitoring
                  Test and VerificationApplication tests
                    Test and VerificationConsolidation
                    Test and VerificationDynamic depth for applications
                    Test and VerificationDynamic depth for infrastructure
                    Test and VerificationStatic depth for applications
                    Test and VerificationStatic depth for infrastructure
                    Test and VerificationTest-Intensity

                      Activities per Dimension

                      Build: 6
                      Deployment: 11
                      Patch Management: 6
                      Design: 7
                      Education and Guidance: 15
                      Process: 4
                      Application Hardening: 4
                      Development & Source Control: 3
                      Infrastructure Hardening: 22
                      Version Control: 3
                      Logging: 6
                      Monitoring: 15
                      Application tests: 4
                      Consolidation: 10
                      Dynamic depth for applications: 9
                      Dynamic depth for infrastructure: 6
                      Static depth for applications: 10
                      Static depth for infrastructure: 12
                      Test-Intensity: 5
                      Activity count: 158
                      Dimension count: 5
                      Sub-Dimension count: 19