OWASP DevSecOps Maturity Model
| Dimension | Sub-Dimension | Level 1: Basic understanding of security practices | Level 2: Adoption of basic security practices | Level 3: High adoption of security practices | Level 4: Advanced deployment of security practices at scale |
| --- | --- | --- | --- | --- | --- |
| Build and Deployment | Build | | | | |
| Build and Deployment | Deployment | | | | |
| Build and Deployment | Patch Management | | | | |
| Culture and Org. | Education and Guidance | | | | |
| Culture and Org. | Design | | | | |
| Culture and Org. | Process | | | | |
| Hardening | Infrastructure Hardening | | | | |
| Hardening | Application Hardening | | | | |
| Information Gathering | Monitoring | | | | |
| Information Gathering | Logging | | | | |
| Test and Verification | Dynamic depth for applications | | | | |
| Test and Verification | Static depth for applications | | | | |
| Test and Verification | Test-Intensity | | | | |
| Test and Verification | Consolidation | | | | |
| Test and Verification | Application tests | | | | |
| Test and Verification | Dynamic depth for infrastructure | | | | |
| Test and Verification | Static depth for infrastructure | | | | |

Activities per Dimension

Build: 4
Deployment: 10
Patch Management: 6
Education and Guidance: 13
Design: 6
Process: 4
Infrastructure Hardening: 18
Application Hardening: 3
Monitoring: 13
Logging: 6
Dynamic depth for applications: 9
Static depth for applications: 9
Test-Intensity: 5
Consolidation: 10
Application tests: 4
Dynamic depth for infrastructure: 5
Static depth for infrastructure: 11
Activity Count: 136