CultureAndOrganization -> Process: Prevention of unauthorized installation
Risk and Opportunity
Risk: Unapproved components are used.
Opportunity: Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. cluster) need to be performed to verify that only standardized base images are used.
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
- Example: All Docker images used by teams need to be based on standard images.
Comments: By preventing teams from trying out new components, innovation might be hampered.
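One way to run the base-image scan described under Opportunity, as an added example that is not part of the original activity description: an image counts as built on a standard base when that base's full layer chain is a prefix of the image's `RootFS.Layers` from `docker image inspect`. The allowlist names, image names and shortened layer digests are constructed for illustration.

```python
import json

# Constructed sample data: trimmed `docker image inspect` output. Layer digests
# are shortened placeholders, not real values.
APPROVED_BASES = {  # hypothetical allowlist: base image name -> its RootFS.Layers
    "corp/base-debian:12": ["sha256:aaa1", "sha256:aaa2"],
    "corp/base-alpine:3.20": ["sha256:bbb1"],
}

INSPECT_JSON = json.dumps([
    {"RepoTags": ["team-a/api:1.4"],
     "RootFS": {"Type": "layers", "Layers": ["sha256:aaa1", "sha256:aaa2", "sha256:c001"]}},
    {"RepoTags": ["team-b/worker:2.0"],
     "RootFS": {"Type": "layers", "Layers": ["sha256:ddd1", "sha256:c002"]}},
    {"RepoTags": ["team-c/tool:0.9"],  # shares only the first layer of the debian base
     "RootFS": {"Type": "layers", "Layers": ["sha256:aaa1", "sha256:c003"]}},
    {"RepoTags": [], "RootFS": {"Type": "layers", "Layers": []}},  # untagged, no layers
])


def matching_base(layers, approved):
    """Return the approved base whose full layer chain is a prefix of `layers`."""
    best = None
    for name, base_layers in approved.items():
        n = len(base_layers)
        if n and layers[:n] == base_layers:
            # Prefer the longest match when one approved base extends another.
            if best is None or n > len(approved[best]):
                best = name
    return best


def scan(inspect_json, approved):
    """Map each image to its approved base, or None if it has none."""
    report = {}
    for image in json.loads(inspect_json):
        tags = image.get("RepoTags") or ["<untagged>"]
        layers = (image.get("RootFS") or {}).get("Layers") or []
        report[tags[0]] = matching_base(layers, approved)
    return report


def violations(report):
    """Names of images that are not built on any approved base, sorted."""
    return sorted(name for name, base in report.items() if base is None)


if __name__ == "__main__":
    for name, base in scan(INSPECT_JSON, APPROVED_BASES).items():
        print(f"{name}: {'OK, based on ' + base if base else 'NOT on an approved base'}")
```

Images whose layers were squashed or flattened after the build no longer share the base's layer chain and will be reported as violations, so they need a separate review path.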
OWASP SAMM VERSION 2