

OWASP DevSecOps Maturity Model
Dimension | Sub-Dimension | Level 1: Basic understanding of security practices | Level 2: Adoption of basic security practices | Level 3: High adoption of security practices | Level 4: Advanced deployment of security practices at scale
Build and Deployment | Build
Build and Deployment | Deployment
Build and Deployment | Patch Management
Culture and Org. | Education and Guidance
Culture and Org. | Culture and Org.
Culture and Org. | Process
Information Gathering | Monitoring
Information Gathering | Logging
Infrastructure | Infrastructure Hardening
Test and Verification | Dynamic depth for applications
Test and Verification | Static depth for applications
Test and Verification | Test-Intensity
Test and Verification | Consolidation
Test and Verification | Application tests
Test and Verification | Dynamic depth for infrastructure
Test and Verification | Static depth for infrastructure

Activities per Dimension

Build: 5
Deployment: 10
Patch Management: 6
Education and Guidance: 13
Culture and Org.: 6
Process: 4
Monitoring: 13
Logging: 6
Infrastructure Hardening: 17
Dynamic depth for applications: 9
Static depth for applications: 9
Test-Intensity: 4
Consolidation: 10
Application tests: 4
Dynamic depth for infrastructure: 4
Static depth for infrastructure: 8
Activity Count: 128