Mark Vollmary edited this page Mar 19, 2021 · 8 revisions

Introduction

Due to the increasing requirements on the security of software products and new evolving development methodologies, development teams have to take much more responsibility for the software security of their product. However, as recent studies and security incidents indicate, development teams are overwhelmed with this duty. The main reasons are typically that the teams lack sufficient awareness of and knowledge about software security.

The maturity model Security Belts pursues the idea of providing development teams with reasonable activities to improve software security without overwhelming them with the complexity of the topic. The maturity model conveys values that are based on The Five Ideals Of DevOps, which we believe are essential to successfully deliver secure software products. In the maturity model, the individual degrees of maturity are represented as belts, as known from various martial arts such as judo.

By applying the maturity model, development teams continuously improve themselves and build up the necessary knowledge of the topic by earning the belts. Furthermore, they are required to deal with software security early on and continuously throughout the software development process and, thereby, minimize the risk of insecure releases and security incidents during operation. As a consequence, Security Belts build confidence in the software security of the product among customers, management, product owners, and the team itself.

On an organizational level, it is crucial that software security is not the task of a centralized team or department, but that each development team is responsible for the software security of its products. In addition, the organization must be aware of the software security requirements for each of its products and the skills needed to meet those requirements. Based on these requirements, the organization can deduce for each product (e.g., via a risk analysis) which belt the development team must at least have. As a consequence, not every team has to achieve the highest belt.