Culture and Org. -> Education and Guidance: Conduction of collaborative security checks with developers and system administrators
Risk and Opportunity
Risk: Security checks by external companies do not increase the understanding of an application/system for internal employees.
Opportunity: Periodic security reviews of source code (SCA), in which security SMEs, developers and operations are involved, are effective at increasing the robustness of software and the security knowledge of the teams involved.
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: IR1-B