TestAndVerification -> Consolidation: Definition of quality gates

Risk and Opportunity

Risk: Improper examination of vulnerabilities leads to no visibility at all.
Opportunity: Quality gates for found vulnerabilities are defined. At the beginning, it is important not to overload the security analyst, so the recommendation is to start by alerting on highly critical vulnerabilities.
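
Added example (not part of the original page or of the project's own code): a small quality gate that consolidates findings reported by several tools and alerts only at or above a severity threshold. The finding fields, tool names, severity scale and sample data are constructed assumptions.

```python
# Added example: severity-threshold quality gate over consolidated findings.
# Field names, tool names and sample data are constructed assumptions,
# not the output format of any specific scanner.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

SAMPLE_FINDINGS = [  # constructed sample input
    {"tool": "sca", "rule": "dep-outdated", "component": "libfoo", "severity": "medium"},
    {"tool": "sca", "rule": "dep-rce", "component": "libbar", "severity": "critical"},
    {"tool": "image-scan", "rule": "dep-rce", "component": "libbar", "severity": "high"},
    {"tool": "sast", "rule": "hardcoded-secret", "component": "app/config.py", "severity": "High"},
    {"tool": "sast", "rule": "custom-check", "component": "app/util.py", "severity": "unrated"},
]


def rank(severity):
    """Numeric rank of a severity label; -1 for labels the gate does not know."""
    return SEVERITY_RANK.get(str(severity).strip().lower(), -1)


def consolidate(findings):
    """Merge reports of the same rule and component, keeping the highest severity."""
    merged = {}
    for f in findings:
        entry = merged.setdefault(
            (f["rule"], f["component"]),
            {"rule": f["rule"], "component": f["component"],
             "severity": f["severity"], "tools": []},
        )
        entry["tools"].append(f["tool"])
        if rank(f["severity"]) > rank(entry["severity"]):
            entry["severity"] = f["severity"]
    return list(merged.values())


def quality_gate(findings, threshold="critical"):
    """Return (passed, alerts, unrated) for the given alerting threshold."""
    limit = SEVERITY_RANK[threshold]
    consolidated = consolidate(findings)
    alerts = [f for f in consolidated if rank(f["severity"]) >= limit]
    # Unknown severities never pass silently: they are listed for manual triage.
    unrated = [f for f in consolidated if rank(f["severity"]) < 0]
    return (not alerts, alerts, unrated)


if __name__ == "__main__":
    passed, alerts, unrated = quality_gate(SAMPLE_FINDINGS)
    print("gate passed:", passed)
    for f in alerts:
        print("ALERT", f["severity"], f["rule"], f["component"], "reported by", f["tools"])
    for f in unrated:
        print("TRIAGE", f["rule"], f["component"], "has unrated severity")
```

The gate returns its decision instead of exiting, so a pipeline step can choose whether a failed gate only notifies the analyst or also stops the build.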

Usefulness and Requirements of this Activity

Usefulness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017