nVisium - Software Security Program

improve, expand, and mature your software security program

The nVisium team evaluates your current software security program and provides recommendations to improve, expand, and mature based on the OWASP Software Assurance Maturity Model (SAMM) framework and tailored to your organization.

nVisium conducts a Capability Assessment of your Software Security Program’s practices and related activities using the SAMM as a reference framework. We then provide detailed analysis of its current state and make recommendations to improve the state of software security based on the unique needs for each organization we work with.

Benefits of A SOFTWARE SECURITY PROGRAM

In-depth analysis of the current software security program and related initiatives.
Maturity scoring based on the OWASP SAMM standard framework.
Guidance and recommendations tailored for your culture, maturity, and risk tolerance.
Executive presentation to assist with messaging and promotions.
Strategic view of where software security should integrate into existing processes.

Software Assurance Maturity Model

OWASP SAMM is an open framework designed to help formulate and implement a strategy for software security that is tailored to the specific risks facing an organization. We assess your security program with detailed analysis through SAMM to formulate and implement the best software security strategy for you.

SAMM supports the following principles:

LONG TERM GOALS

An organization’s behavior changes over time, changes must be iterative while working toward long term goals.

CUSTOM SOLUTION

There is no single recipe that works for all organizations, so a solution must enable risk-based solutions.

GUIDANCE

Guidance related to security activities and process improvements must be clearly understood by all roles.

INTEGRATION

Security integration must be simple, well-defined, and measurable.

BUSINESS FUNCTIONS	governance	Strategy & Metrics	Education & Guidance	Policy & Compliance
	construction	Strategy Requirements	Threat Assessment	Secure Architecture
	verification	Design Review	Security Testing	Implementation Review
	operations	Environment Hardening	Issue Management	Operational Enablement

Software Security Program Review Process

nVisium will interview a number of people who are involved in your processes to gain valuable insight into the vision and strategy for the program as well as how it is functioning on a day-to-day basis. We will talk with people from a number of different roles: business analysts, architects, program managers, developers, testers, change management, application and software security, and other roles that may be specific to the software development and deployment lifecycles in use.
After reviewing all documentation and completing interviews, nVisium will perform an in-depth analysis of the current state of the secure software program remotely. Once the analysis is completed, nVisium will develop a series of high level recommendations based on the current state, corporate culture, company risk tolerance, and secure software program best practices. This approach allows nVisium to provide a tailored maturity assessment unique to the client, while still measurable and comparable to peers.
The analysis and recommendations will be structured in the Software Assurance Maturity Model (SAMM) framework to provide a standard for measurability and comparability. SAMM is an open framework used globally and an active flagship project at OWASP. From there, nVisium will produce a capability assessment report for the client containing detailed information on the client’s existing software security practices. This report will expand on what was learned about the existing software lifecycle along with maturity scoring using the SAMM Framework. The report will also contain high level recommendations tailored for the culture and risk profile of each client we work with.

Software Security Program REVIEW