A look at OWASP's Software Assurance Maturity Model (SAMM)
Chris,
How does SAMM align with best practices as defined by SEI CERT or the SEI DevSecOps Platform Independent Model (PIM) best practices? I ask because it says SAMM is prescriptive, so I assume specific metrics will be required. Is that correct?