Fork me on GitHub

Culture and Org. -> Education and Guidance: Aligning security in teams

Risk and Opportunity

Risk: The concept of Security Champions might suggest that only he/she is repsonsible for security. However, everyone in the project team should be responsible for security.
Opportunity: By aligning security SME with project teams, a higher security standard can be achieved.

Exploit details

Usefullness: Very High
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Very Low

Additional Information

Implementation hints: Security SME are involved in discussion for requirements analysis, software design and sprint planning to provide guidance and suggestions.
OWASP SAMM 1 Mapping: EG2-B