Culture and Organization -> Process: Source Control Protection
Risk and Opportunity
Risk: Unaproved code in important branches like master.
Opportunity: Enabled protections on the source code management system preventing commited directly to an important branch.
- Improve code quality with branch policies, Link, Tags: source-code-protection scm
- About protected branches, Link, Tags: source-code-protection scm
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Low
OWASP SAMM VERSION 2
- peer review - four eyes principle is not explicitly required by ISO 27001