OWASP DevSecOps Maturity ModelDimension | Sub-Dimension | Level 1: Basic understanding of security practices | Level 2: Adoption of basic security practices | Level 3: High adoption of security practices | Level 4: Advanced deployment of security practices at scale |
---|
Build and Deployment | Build | | | | |
Build and Deployment | Deployment | | | | |
Build and Deployment | Patch Management | | | | |
Culture and Org. | Education and Guidance | | | | |
Culture and Org. | Design | | | | |
Culture and Org. | Process | | | | |
Implementation | Infrastructure Hardening | | | | |
Implementation | Application Hardening | | | | |
Information Gathering | Monitoring | | | | |
Information Gathering | Logging | | | | |
Test and Verification | Dynamic depth for applications | | | | |
Test and Verification | Static depth for applications | | | | |
Test and Verification | Test-Intensity | | | | |
Test and Verification | Consolidation | | | | |
Test and Verification | Application tests | | | | |
Test and Verification | Dynamic depth for infrastructure | | | | |
Test and Verification | Static depth for infrastructure | | | | |