[SAMM] SAMM in real world

James McGovern JMcGovern at virtusa.com
Wed Sep 29 16:04:00 EDT 2010


We as a profession believe it is cheaper to "build it in" rather than
test it out; however, reality is much different. The "test it out" crowd
has penetration testing, which you can put in the hands of anyone and
perform point-and-shoot. Likewise, the after-it-is-built "audit" crowd
loves their checklist. Maturity in the build-it-in approach requires actual
competencies and is a lot less repeatable...

James McGovern
Insurance SBU 

Virtusa Corporation

100 Northfield Drive, Suite 305 | Windsor, CT | 06095

Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  


From: samm-bounces at lists.owasp.org [mailto:samm-bounces at lists.owasp.org]
On Behalf Of Moulay Abdsamad Belghiti
Sent: Wednesday, September 29, 2010 3:30 PM
To: Software Assurance Maturity Model (SAMM)
Subject: Re: [SAMM] SAMM in real world


Dear James,

Thank you.

The 80/20 rule you mentioned will certainly fulfill the needs.

About partners, actually most of them shall not proceed to SAMM's
activities to deliver on time/on budget.

The first time we talked about penalties for security flaws, we gave in the
SLA the assurance level required on an ASVS basis, or the compliance required with
the Top 10. And this seems to make sense for everyone.

Taking the issue through compliance seems to be more effective, as long as
software security still appears counterproductive.

But I will come back later to share some feedback about SAMM.

Thank you again.

MAB 
