Culture and Org. -> Education and Guidance: Each team has a security champion

Risk and Opportunity

Risk: No one feels directly responsible for security, and the security champion does not have enough time to allocate to each team.
Opportunity: Each team defines an individual to be responsible for security. These individuals are often referred to as 'security champions'.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: https://www.owasp.org/index.php/Security_Champions_Playbook
OWASP SAMM 1 Mapping: EG2-B