A company needs to define a new roadmap for improving secure coding practices in the software development life cycle and implementing better security standards. Which of the following is the best way for the company to achieve this goal?
A. Performing a Software Assurance Maturity Model (SAMM) assessment and generating a roadmap as a final result
B. Conducting a threat-modeling exercise for the main applications and developing a roadmap based on the necessary security implementations
C. Developing a new roadmap including secure coding best practices based on the security area roadmap and annual goals defined by the CISO
D. Using the best practices in the OWASP secure coding manual to define a new roadmap
The best answer is A: perform a Software Assurance Maturity Model (SAMM) assessment. OWASP SAMM is a structured framework for measuring an organization's current software security maturity across its business functions (Governance, Design, Implementation, Verification, and Operations) and their security practices. The assessment scores each practice against defined maturity levels, highlights the gaps, and feeds directly into a prioritized roadmap tailored to the organization's development environment, which is exactly the deliverable the question asks for.
Option B (threat modeling) is scoped to specific applications and their design-level risks; it does not measure or improve the SDLC as a whole. Option C risks misalignment with engineering practice by deriving the roadmap only from the CISO's annual goals rather than from a measured baseline. Option D (the OWASP secure coding guidance) is a useful source of controls, but it supplies guidelines, not an assessment of where the organization stands or a maturity-based path for improvement.
CAS-005 stresses the use of maturity models to drive structured, measurable improvements. SAMM directly addresses this by producing a customized, actionable roadmap for secure coding practices in the SDLC.