Web application security - the fast guide 1.1 | Page 182

Chapter 9 - Secure Application Development

(Table 1, continued)

  5. Build vulnerability remediation procedures
     Integrate security analysis into source management process
         Owner: integrator
     Perform code signing
         Owner: integrator
     Manage security issue disclosure process
         Owner: project manager
         Key contributor: designer
     Address reported security issues
         Owner: designer
         Key contributors: fault reporter, project manager, database designer

  6. Define and monitor metrics
     Monitor security metrics

  7. Publish operational security guidelines
     Specify database security configuration
     Build operational security guide
         Owner: integrator
         Key contributors: designer, architect, implementer

Table 1: CLASP activities and related project roles and best practices (Dan Graham, Introduction to CLASP Project)

Detailed information about the CLASP methodology is available at https://www.us-cert.gov/bsi/articles/best-practices/requirements-engineering/introduction-to-the-clasp-process

9.6 Software Assurance Maturity Model (SAMM)

Figure 67: An overview of SAMM business functions and security practices

SAMM is an open framework that helps an organization establish a software security strategy customised to the specific risks it faces. Benefits gained by using SAMM cover:

  - Evaluating an organization's existing software security practices
  - Building a balanced software security program in well-defined iterations
  - Demonstrating concrete improvements to a security assurance program
  - Defining and measuring security-related activities within an organization