Web application security - the fast guide 1.1 | Page 189
Chapter 9 - Secure Application Development
a. Evaluating an organization’s existing software security practices
b. Demonstrating concrete improvements to a security assurance
c. Building a balanced software security program in well-defined iterations
d. All the above
10. SAMM and BSIMM take a similar approach to assessing maturity; the main difference is:
a. SAMM does not focus on security practices but on using tools and black-box assessment to extract vulnerabilities and assess the maturity level.
b. BSIMM is a descriptive method, since it is built on a quantitative study over time, whereas SAMM is a prescriptive framework.
c. BSIMM provides 5 levels of maturity, in contrast with SAMM, which depends on assessing security on a scale of 7 covered functionalities.
d. None of the above
Answer key
1: d
2: c
3: b
4: essay
5: a
6: d
7: b
8: a
9: d
10: b