Fork me on GitHub

CultureAndOrganization -> Education and Guidance: Conduction of collaborative security checks with developers and system administrators

Risk and Opportunity

Risk: Security checks by external companies do not increase the understanding of an application/system for internal employees.
Opportunity: Periodically security reviews of source code (SCA), in which security SME, developers and operations are involved, are effective at increasing the robustness of software and the security knowledge of the teams involved.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

OWASP SAMM VERSION 2

ISO27001 2017