TestAndVerification -> Static depth for infrastructure: Check for malware
Risk and Opportunity
Risk: A third party might include malware, either due to the maintainer (e.g. typosquatting of an image name, leading to use of the wrong image) or by an attacker acting on behalf of the maintainer with stolen credentials.
Opportunity: Check for malware in components (e.g. container images, VM baseline images, libraries).
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
OWASP SAMM VERSION 2