Fork me on GitHub


OWASP DevSecOps Maturity Model
DimensionSub-DimensionLevel 1: Basic understanding of security practicesLevel 2: Adoption of basic security practicesLevel 3: High adoption of security practicesLevel 4: Advanced deployment of security practices at scale
Build and DeploymentBuild
    Build and DeploymentDeployment
    Build and DeploymentPatch Management
      Culture and Org.Education and Guidance
      Culture and Org.Design
      Culture and Org.Process
          ImplementationInfrastructure Hardening
          ImplementationApplication Hardening
          Information GatheringMonitoring
          Information GatheringLogging
          Test and VerificationDynamic depth for applications
          Test and VerificationStatic depth for applications
          Test and VerificationTest-Intensity
            Test and VerificationConsolidation
            Test and VerificationApplication tests
              Test and VerificationDynamic depth for infrastructure
              Test and VerificationStatic depth for infrastructure

              Activtities per Dimension

              Build: 4
              Deployment: 10
              Patch Management: 6
              Education and Guidance: 13
              Design: 6
              Process: 4
              Infrastructure Hardening: 18
              Application Hardening: 4
              Monitoring: 13
              Logging: 6
              Dynamic depth for applications: 9
              Static depth for applications: 9
              Test-Intensity: 5
              Consolidation: 10
              Application tests: 4
              Dynamic depth for infrastructure: 5
              Static depth for infrastructure: 11
              Activity Count: 137