TestAndVerification -> Consolidation: Definition of quality gates
Risk and Opportunity
Risk: Improper examination of vulnerabilities leads to no visibility at all.
Opportunity: Quality gates for found vulnerabilities are defined.
In the beginning it is important not to overload the security analyst;
therefore, the recommendation is to start with alerting on highly critical vulnerabilities.
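
One way to express such a quality gate in code, as an added example that is not part of the original page or of the project it belongs to: the gate alerts only on findings of severity high or above, while lower severities are counted but do not alert. The field names, the `INITIAL_GATE` settings and the rule that findings without a recognized severity fail the gate are assumptions; the sample findings are constructed.

```python
"""Severity-based quality gate over scanner findings (added example)."""
from collections import Counter

SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

# Hypothetical initial gate: alert only on the top severities so the
# security analyst is not flooded; lower "alert_from" as the backlog shrinks.
INITIAL_GATE = {"alert_from": "high", "max_alerting_findings": 0}


def evaluate_gate(findings, gate=INITIAL_GATE):
    """Return the gate verdict, the alerting findings and per-severity counts."""
    threshold = SEVERITY_ORDER.index(gate["alert_from"])
    counts = Counter()
    alerting, unclassified = [], []
    for f in findings:
        sev = str(f.get("severity", "")).strip().lower()
        if sev not in SEVERITY_ORDER:
            # Assumption: a missing or unknown severity must stay visible
            # and block the gate instead of being silently dropped.
            unclassified.append(f)
            counts["unclassified"] += 1
            continue
        counts[sev] += 1
        if SEVERITY_ORDER.index(sev) >= threshold:
            alerting.append(f)
    passed = (len(alerting) <= gate["max_alerting_findings"]
              and not unclassified)
    return {"passed": passed, "alerting": alerting,
            "unclassified": unclassified, "counts": dict(counts)}


# Constructed sample findings, not the output of a real scanner.
SAMPLE_FINDINGS = [
    {"id": "F-1", "severity": "Critical", "title": "constructed finding A"},
    {"id": "F-2", "severity": "medium", "title": "constructed finding B"},
    {"id": "F-3", "severity": "HIGH", "title": "constructed finding C"},
    {"id": "F-4", "severity": "low", "title": "constructed finding D"},
    {"id": "F-5", "title": "constructed finding without severity"},
]

if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_FINDINGS)
    print("gate passed:", result["passed"])
    for f in result["alerting"]:
        print("ALERT", f["id"], f["severity"], f["title"])
    for f in result["unclassified"]:
        print("TRIAGE", f["id"], "severity missing or unknown")
    print("counts:", result["counts"])
```
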
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
- See other actions, e.g. "Treatment of defects with severity high".
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001 - too specific