owaspsamm / samm-suite

This is an issues-only repository.

Standardize SAMM Terminology #71

Open johnellingsworth opened 1 day ago

johnellingsworth commented 1 day ago

Issue Description

The SAMM v2 model currently exhibits several terminology inconsistencies:

  1. Action verbs vary across similar concepts
  2. Technical terms have inconsistent depth and definition
  3. Common terms (e.g., "regular", "periodic") lack specific definitions
  4. Similar concepts use different terms across practices (e.g., "review" vs "assessment")
  5. Key terms like "security controls" and "requirements" have varying interpretations

Acceptance Criteria

General Requirements

  1. All key terms have clear, single definitions
  2. Technical terms are defined before use
  3. Action verbs are used consistently
  4. Quality criteria use standard terminology
  5. Role definitions are consistent across practices

Options

Option 1: Create Comprehensive Glossary

Option 2: Full Terminology Revision

Documentation Updates

  1. Comprehensive glossary created and reviewed
  2. All practice descriptions updated for consistency
  3. Quality criteria terminology standardized
  4. Role definitions documented and cross-referenced
  5. Examples use consistent terminology

Verification Requirements

  1. Technical review confirms consistency
  2. No undefined technical terms in use
  3. Terms maintain consistent meaning across practices
  4. Action verbs align with maturity levels
  5. Role descriptions use standard terminology