Consider making this entry a markdown entry instead
description: |
"Implement a program where each software development team has a
member considered a \u201CSecurity Champion\u201D who is the liaison between
Information Security and developers. Depending on the size and structure of
the team the \u201CSecurity Champion\u201D may be a software developer, tester,
or a product manager. The \u201CSecurity Champion\u201D has a set number of
hours per week for Information Security related activities. They participate
in periodic briefings to increase awareness and expertise in different security
disciplines. \u201CSecurity Champions\u201D have additional training to help
develop these roles as Software Security subject-matter experts. You may need
to customize the way you create and support \u201CSecurity Champions\u201D
for cultural reasons.\n\nThe goals of the position are to increase effectiveness
and efficiency of application security and compliance and to strengthen the
relationship between various teams and Information Security. To achieve these
objectives, \u201CSecurity Champions\u201D assist with researching, verifying,
and prioritizing security and compliance related software defects. They are
involved in all Risk Assessments, Threat Assessments, and Architectural Reviews
to help identify opportunities to remediate security defects by making the
architecture of the application more resilient and reducing the attack threat
surface.\nSource: [OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/)\n"
https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel-data/blob/c492e8a0dddc12b9d630ee7ff0614dcafc213147/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml#L233
Consider making this entry a markdown entry instead