Using the DevSecOps Maturity Model
Security is not a sauce that we put on top of products when they are finished. Security policies have to be applied from the first moment of development, all the way up to deployment to production. That’s where DevSecOps comes in. The position of security in the DevOps cycle is shown in the following diagram:
Figure 18.5: The DevSecOps cycle
The DevSecOps Maturity Model of the Open Web Application Security Project (OWASP) is a framework that helps organizations assess and improve their software development and delivery practices. The model aims to integrate security practices into the DevOps process that we described in the previous sections. By using this model, businesses can improve the security of their software products and reduce the risk of data breaches and cyber-attacks.
The DevSecOps Maturity Model can be found at https://owasp.org/www-project-devsecops-maturity-model/.
The OWASP DevSecOps Maturity...