OWASP SAMM categorizes security practices into four key business functions: governance, construction, verification, and operations. It is a practical guide that any organization can follow to self-assess its security maturity level. Microsoft SDL defines security practices along the stages of the development process, whereas OWASP SAMM defines security practices by business function and rates each against four levels of security maturity:
| Business functions | Security practices |
| --- | --- |
| Governance | |
| Construction | |
| Verification | |
| Operations | |
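To make the self-assessment concrete, here is an added example (not OWASP's tooling and not code from the original page) of how a team might score a SAMM-style assessment: each practice is rated on the four maturity levels (0 to 3), results are rolled up per business function, and the practices furthest below a target level are listed first. The four business functions come from the text above; the three practice names under each are assumed from SAMM v1.5 and are not listed on this page, and the sample ratings are constructed.

```python
"""SAMM-style maturity self-assessment scorer (added example, not OWASP SAMM's own tooling)."""

MAX_LEVEL = 3  # maturity levels 0..3, i.e. the four levels referred to in the text

# Business function -> security practices.
# Functions are from the page; practice names are assumed from SAMM v1.5 (not on the page).
SAMM_PRACTICES = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Verification": ["Design Review", "Implementation Review", "Security Testing"],
    "Operations": ["Issue Management", "Environment Hardening", "Operational Enablement"],
}


def validate_assessment(assessment):
    """Ensure every practice has an integer level in 0..MAX_LEVEL; raise ValueError otherwise."""
    for function, practices in SAMM_PRACTICES.items():
        for practice in practices:
            level = assessment.get(practice)
            if not isinstance(level, int) or isinstance(level, bool) or not 0 <= level <= MAX_LEVEL:
                raise ValueError(
                    f"{function}/{practice}: level must be an integer 0..{MAX_LEVEL}, got {level!r}"
                )


def function_scores(assessment):
    """Average maturity level per business function, rounded to two decimals."""
    validate_assessment(assessment)
    return {
        function: round(sum(assessment[p] for p in practices) / len(practices), 2)
        for function, practices in SAMM_PRACTICES.items()
    }


def gaps_to_target(assessment, target):
    """Practices rated below `target`, as (function, practice, missing_levels), largest gap first."""
    validate_assessment(assessment)
    if not 0 <= target <= MAX_LEVEL:
        raise ValueError(f"target must be 0..{MAX_LEVEL}")
    gaps = [
        (function, practice, target - assessment[practice])
        for function, practices in SAMM_PRACTICES.items()
        for practice in practices
        if assessment[practice] < target
    ]
    # Stable sort keeps business-function order among equal gaps.
    return sorted(gaps, key=lambda gap: -gap[2])


# Constructed sample assessment; these ratings are illustrative, not real data.
SAMPLE_ASSESSMENT = {
    "Strategy & Metrics": 1, "Policy & Compliance": 2, "Education & Guidance": 1,
    "Threat Assessment": 0, "Security Requirements": 2, "Secure Architecture": 1,
    "Design Review": 1, "Implementation Review": 2, "Security Testing": 3,
    "Issue Management": 2, "Environment Hardening": 2, "Operational Enablement": 1,
}

if __name__ == "__main__":
    for function, score in function_scores(SAMPLE_ASSESSMENT).items():
        print(f"{function:<13} {score:.2f} / {MAX_LEVEL}")
    print("\nPractices below target level 2:")
    for function, practice, missing in gaps_to_target(SAMPLE_ASSESSMENT, target=2):
        print(f"  {function}/{practice}: {missing} level(s) short")
```

Averaging per function is the simplest roll-up; a stricter variant would report the minimum practice level per function so that a single neglected practice (here, threat assessment at level 0) cannot be masked by strong neighbours. The gap list is the input to the improvement roadmap that a self-assessment is meant to produce.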