OWASP Developer Guide

Culture Building and Process Maturing

Developer guide logo{height=180px}

8. Culture building and Process maturing

Culture building and Process maturing is described by the SAMM Organization and Culture activity, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The maturity of security processes and culture is wide ranging, with indicators of a mature process and culture including:

  • Security champions have been identified for each development team
  • A program is in place to support the security champions
  • Secure coding practices are in place to define standards and improve software development
  • Developers and application security professionals across the organization are able to communicate and share best practice

Sections:

8.1 Security Culture
8.2 Security Champions
8.2.1 Security champions program
8.2.2 Security Champions Guide
8.2.3 Security Champions Playbook
8.3 Software Assurance Maturity Model
8.4 Application Security Verification Standard
8.5 Mobile Application Security


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.