Fork me on GitHub


OWASP DevSecOps Maturity Model
DimensionSub-DimensionLevel 1: Basic understanding of security practicesLevel 2: Adoption of basic security practicesLevel 3: High adoption of security practicesLevel 4: Advanced deployment of security practices at scale
Build and DeploymentBuild
    Build and DeploymentDeployment
    Build and DeploymentPatch Management
    Culture and Org.Education and Guidance
    Culture and Org.Culture and Org.
    Culture and Org.Process
        Information GatheringMonitoring
        Information GatheringLogging
        InfrastructureInfrastructure Hardening
        Test and VerificationDynamic depth for applications
        Test and VerificationStatic depth for applications
        Test and VerificationTest-Intensity
          Test and VerificationConsolidation
          Test and VerificationApplication tests
            Test and VerificationDynamic depth for infrastructure
            Test and VerificationStatic depth for infrastructure

            Activtities per Dimension

            Build: 4
            Deployment: 10
            Patch Management: 6
            Education and Guidance: 13
            Culture and Org.: 6
            Process: 4
            Monitoring: 13
            Logging: 6
            Infrastructure Hardening: 17
            Dynamic depth for applications: 9
            Static depth for applications: 9
            Test-Intensity: 5
            Consolidation: 10
            Application tests: 4
            Dynamic depth for infrastructure: 5
            Static depth for infrastructure: 8
            Activity Count: 129