Culture and Organization -> Process: Approval by reviewing any new version
Risk and Opportunity
Risk: A single individual working alone might forget or omit security measures when changing source code or infrastructure components, and nobody else would notice before the change goes live.
Opportunity: For each new version of source code or infrastructure components (e.g. a Pull Request), a second person performs a security-focused peer review of the changes (four eyes principle) and records their approval before the change is merged.
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low
References
OWASP SAMM version 2
ISO 27001
- peer review (four eyes principle) is not explicitly required by ISO 27001