Culture and Org. -> Process: Approval by reviewing any new version

Risk and Opportunity

Risk: An individual might forget to implement security measures to protect source code or infrastructure components.
Opportunity: On each new version (e.g. a pull request) of source code or infrastructure components, a security peer review of the changes is performed (two eyes principle) and approval is given by the reviewer.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IR1-B
ISO27001:2017 Controls Mapping: