Overview
Explore a conference talk from AppSecEU 2016 in Rome on making OpenSAMM more effective in DevOps environments. Learn about software assurance frameworks, the structure of SAMM, and how it is applied in practice. Discover strategies for data collection, benchmarking, and streamlining the assessment process so that it has minimal impact on development teams. Gain insights into the differences between Agile and DevOps, opportunity costs, and the importance of showing value early. Understand why data-driven benchmarking, flexible assessment depth, and communicating value through gamification matter. Examine the ROI of OpenSAMM, opportunities for automation, and who should own the framework. Conclude with practical tips on making OpenSAMM more engaging and effective in modern software development practices.
Syllabus
Intro
Agenda
Background
Value and Risk
Software Assurance frameworks
CMMI
SAMM Structure
SAMM in Practice
Data Collection
Data Model
Limits of SAMM
The Big Drivers
Agile vs DevOps
How do we get to DevOps
Opportunity cost
Show value early
Benchmark
Data-driven benchmarking
Collecting data for benchmarking
Streamline the collection process
Minimize impact on development teams
Be flexible in depth
The 80/20 rule
Communicate value
Gamification
Conclusion
ROI
What evidence
Automation
Benchmarks
Who owns OpenSAMM
How to make OpenSAMM fun
Taught by
OWASP Foundation