Куда я попал?
OWASP Building Security In Maturity Model
Framework
CP3.3: 13
Для проведения оценки соответствия по документу войдите в систему.
Список требований
-
[CP3.3: 13] DRIVE FEEDBACK FROM SOFTWARE LIFECYCLE DATA BACK TO POLICY.
Feed information from the software lifecycle into the policy creation and maintenance process to drive improvements, such as in defect prevention and strengthening governance-ascode practices (see [SM3.4]). With this feedback as a routine process, blind spots can be eliminated by mapping them to trends in SSDL failures. Events such as the regular appearance of inadequate architecture analysis, recurring vulnerabilities, ignored security release conditions, or the wrong vendor choice for carrying out a penetration test can expose policy weakness (see [CP1.3]). As an example, lifecycle data including KPIs, OKRs, KRIs, SLIs, SLOs, or other organizational metrics can indicate where policies impose too much bureaucracy by introducing friction that prevents engineering from meeting the expected delivery cadence. Rapid technology evolution might also create policy gaps that must be addressed. Over time, policies become more practical and easier to carry out (see [SM1.1]). Ultimately, policies are refined with SSDL data to enhance and improve effectiveness.
Название | Severity | IP | Integral | |
---|---|---|---|---|
1111111 111 11 1111 11111111111111111 1111111 1 11111111111111111 |
-
|
1 |
-
|
|
11 111111111 111 1111111111111111111111111 1111 1 11111 1111111 |
-
|
1 |
-
|
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.