OWASP ProdSecMan

This project aims to help establish Product Security Management as a distinct and necessary field and function of cybersecurity by providing core operating models for building and evaluating a company's Product Security Management program and function. Product Security Management is the security counterpart to the Product Management field and function: it ensures that the company's products meet the security requirements of customers and the industry while aligning with business goals and remaining competitive in the market. Building the necessary cybersecurity practices directly into the products a company creates adds value for both customers and the business. Product Security Management oversees a product's security posture throughout its development life cycle and during customer use. The ProdSecMan project sets out to provide the framework and operating models for implementing a comprehensive Product Security Management program within an organization.

Road Map

Develop and publish the initial program core goals and Capability Maturity Model (CMM) document, then develop and publish the supporting program framework documents:

  • Publish a Product Security Management Program Core Goals and Capability Maturity Model document (90% complete)
  • Publish a Product Security Policy and Standards document (0% complete)
  • Publish a Product Security Incident Response Team Event Management Information Architecture document (75% complete)
  • Publish a Product Security Management Data Sensitivity, Threat, Risk, and Controls Information Architecture document (75% complete)
