Software Security Program Review

improve, expand, and mature your software security program

The nVisium team evaluates your current software security program and provides recommendations to improve, expand, and mature based on the OWASP Software Assurance Maturity Model (SAMM) framework and tailored to your organization.

nVisium conducts a Capability Assessment of your Software Security Program’s practices and related activities using SAMM as a reference framework. We then provide a detailed analysis of its current state and make recommendations to improve the state of software security based on the unique needs of each organization we work with.


  1. In-depth analysis of the current software security program and related initiatives.
  2. Maturity scoring based on the OWASP SAMM standard framework.
  3. Guidance and recommendations tailored for your culture, maturity, and risk tolerance.
  4. Executive presentation to assist with messaging and promotions.
  5. Strategic view of where software security should integrate into existing processes.

Software Assurance Maturity Model

OWASP SAMM is an open framework designed to help formulate and implement a strategy for software security that is tailored to the specific risks facing an organization. We assess your security program with detailed analysis through SAMM to formulate and implement the best software security strategy for you.

SAMM supports the following principles:

  1. An organization’s behavior changes slowly over time, so changes must be iterative while working toward long-term goals.
  2. There is no single recipe that works for all organizations, so the model must enable risk-based solutions.
  3. Guidance related to security activities and process improvements must be clearly understood by all roles.
  4. Security integration must be simple, well-defined, and measurable.

SAMM business functions and their security practices:

  Governance:    Strategy & Metrics, Policy & Compliance, Education & Guidance
  Construction:  Threat Assessment, Security Requirements, Secure Architecture
  Verification:  Design Review, Implementation Review, Security Testing
  Operations:    Issue Management, Environment Hardening, Operational Enablement

Software Security Program Review Process

  1. nVisium will interview a number of people who are involved in your processes to gain valuable insight into the vision and strategy for the program as well as how it is functioning on a day-to-day basis. We will talk with people from a number of different roles: business analysts, architects, program managers, developers, testers, change management, application and software security, and other roles that may be specific to the software development and deployment lifecycles in use.
  2. After reviewing all documentation and completing interviews, nVisium will perform an in-depth analysis of the current state of the secure software program remotely. Once the analysis is completed, nVisium will develop a series of high-level recommendations based on the current state, corporate culture, company risk tolerance, and secure software program best practices. This approach allows nVisium to provide a maturity assessment tailored to the client that is still measurable and comparable to peers.
  3. The analysis and recommendations will be structured in the Software Assurance Maturity Model (SAMM) framework to provide a standard for measurability and comparability. SAMM is an open framework used globally and an active flagship project at OWASP. From there, nVisium will produce a capability assessment report for the client containing detailed information on the client’s existing software security practices. This report will expand on what was learned about the existing software lifecycle along with maturity scoring against the SAMM framework. The report will also contain high-level recommendations tailored for the culture and risk profile of each client we work with.

why nVisium?

One of nVisium’s key differentiators is our developer-centric approach to helping our clients. As part of a capability assessment, clients will gain an understanding of their developers’ progress and what to do to help them write more secure software.

Contact us Today