Culture and Org. -> Education and Guidance: Each team has a security champion
Risk and Opportunity
Risk: No one feels directly responsible for security and the securiy champion does not have enough time to allocate to each team.
Opportunity: Each team defines an individual to be responsible for security. These individuals are often referred to as 'security champions'
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low
Implementation hints: https://www.owasp.org/index.php/Security_Champions_Playbook
OWASP SAMM 1 Mapping: EG2-B