OWASP Devsecops Maturity Model

The OWASP DevSecOps Maturity Model addresses the often neglected security aspects in DevOps strategies, highlighting the importance of securing the build pipeline and docker registries to prevent source code theft. It provides a framework for prioritizing security measures and enhancing security through testing for vulnerabilities in application and operating system libraries. The project is led by Timo Pagel and Aryan Prasad, and is licensed under the GNU General Public License Version 3.


7/30/24, 8:13 AM OWASP Devsecops Maturity Model

OWASP Devsecops Maturity Model

From startups to multinational corporations, the software development industry is currently
dominated by agile frameworks and product teams and, as part of that, DevOps strategies. It has been
observed that during implementation, security aspects are usually neglected or at least not
sufficiently taken into account. It is often the case that the standard safety requirements of the production
environment are not applied to the build pipeline in the continuous integration
environment with containerization, specifically Docker. As a result, the Docker registry is often not
secured, which might result in the theft of the entire company's source code.

The DevSecOps Maturity Model, which is presented in the talk, shows security measures that are
applied when using DevOps strategies and how these can be prioritized. DevOps strategies
can also be used to enhance security. For example, each component, such as application libraries
and operating system libraries in Docker images, can be tested for known vulnerabilities. Attackers
are intelligent and creative, equipped with new technologies and purpose. Under the guidance of the
forward-looking DevSecOps Maturity Model, appropriate principles and measures that counteract
the attacks are at hand to be implemented.

Implementation Level

read://https_owasp.org/?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fowasp.org%2Fwww-project-devsecops-maturity-model%2F 1/2

More Information: dsomm.owasp.org

Project Leader
Timo Pagel
Aryan Prasad

License
The project's code is licensed under the GNU General Public License Version 3. The
intellectual property is licensed under Attribution-ShareAlike.
