AppSecure-nrw / security-belts

Creative Commons Attribution Share Alike 4.0 International


Security Belts

The Security Belts maturity model structures the activities of secure software development. It gives development teams a good opportunity to engage with the topic and to build up the competencies needed to ensure the security of their products. In this way, the model supports development teams that are overwhelmed by having to take on much more responsibility without sufficient competencies in the team.

For detailed information on the methodology behind the model, please take a look at our Wiki.

In order to continuously improve the Security Belts model, we appreciate any kind of feedback or content contribution. If you are interested in contributing, please see the document Contributing.

Belts

Working on the belts is a continuous effort. Start with the first belt, the white one, and keep working through them until you achieve the desired belt for your team. Activities of later belts often relate to activities introduced in previous belts. In that case, the relevant activities from previous belts are highlighted for the later belt's activity.

Getting Started

This getting-started guide is primarily aimed at developers.

Credits

The Security Belts are based on the OWASP DevSecOps Maturity Model and partially inspired by OWASP SAMM.

This work is part of the research project "AppSecure.nrw - Security-by-Design of Java-based Applications". The project is funded by the European Regional Development Fund (ERDF-0801379).
