The deliverables of a development team include threat modeling, design, and coding. The following table summarizes examples of self-assessment metrics for a development team:
| Deliverables | Self-assessment checklist |
| --- | --- |
| Threat modeling analysis report | Does the threat modeling analysis cover all six STRIDE threat categories? Does the diagram include all components, data flows, and trust boundaries? Are all the threat mitigations effective and incorporated into the release plan? Does the threat modeling analysis cover all the new features and the previously released risks? Are effective threat mitigations shared as case studies? |
| Secure coding analysis report | Do any static secure code scanning ... |
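The threat-modeling row of the checklist can be turned into an automated gate that runs on a machine-readable threat model before a release review. The following is an added example, not code from the original text: it assumes a small constructed threat model (component names, data flows, STRIDE threats, and the risk ids are all invented for illustration) and reports, per checklist question, what would fail the self-assessment.

```python
"""Added example: checking a threat model against the self-assessment checklist.
The data model and the sample threat model below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

# The six STRIDE categories the first checklist question asks about.
STRIDE = (
    "Spoofing", "Tampering", "Repudiation",
    "Information disclosure", "Denial of service", "Elevation of privilege",
)


@dataclass
class DataFlow:
    name: str
    source: str
    dest: str
    crosses_trust_boundary: bool


@dataclass
class Threat:
    flow: str                              # name of the DataFlow the threat applies to
    category: str                          # one of STRIDE
    mitigation: Optional[str] = None
    in_release_plan: bool = False
    prior_risk_id: Optional[str] = None    # set when carried over from a previous release


@dataclass
class ThreatModel:
    components: set
    flows: list
    threats: list
    new_features: set      # components introduced in this release
    prior_risks: set       # risk ids still open at the previous release


def assess(model: ThreatModel) -> dict:
    """Map each checklist question to a list of findings (empty list = pass)."""
    findings = {q: [] for q in ("stride", "diagram", "mitigations", "coverage")}

    # Q1: every STRIDE category has been analysed at least once.
    seen = {t.category for t in model.threats}
    findings["stride"] += [f"no {c} threat analysed" for c in STRIDE if c not in seen]

    # Q2: the diagram is consistent: flows reference known components, threats
    # reference known flows, and every boundary-crossing flow has a threat recorded.
    flow_names = {f.name for f in model.flows}
    for f in model.flows:
        for end in (f.source, f.dest):
            if end not in model.components:
                findings["diagram"].append(f"flow {f.name!r} references unknown component {end!r}")
        if f.crosses_trust_boundary and not any(t.flow == f.name for t in model.threats):
            findings["diagram"].append(f"boundary-crossing flow {f.name!r} has no threats")
    for t in model.threats:
        if t.flow not in flow_names:
            findings["diagram"].append(f"threat on unknown flow {t.flow!r}")

    # Q3: every threat has a mitigation, and that mitigation is in the release plan.
    for t in model.threats:
        if not t.mitigation:
            findings["mitigations"].append(f"{t.category} on {t.flow!r}: no mitigation")
        elif not t.in_release_plan:
            findings["mitigations"].append(f"{t.category} on {t.flow!r}: mitigation not in release plan")

    # Q4: new features and previously released risks are both covered.
    for feat in model.new_features:
        touching = {f.name for f in model.flows if feat in (f.source, f.dest)}
        if not any(t.flow in touching for t in model.threats):
            findings["coverage"].append(f"new feature {feat!r} has no threats analysed")
    carried = {t.prior_risk_id for t in model.threats if t.prior_risk_id}
    findings["coverage"] += [f"prior risk {r} not re-assessed" for r in sorted(model.prior_risks - carried)]
    return findings


def passes(model: ThreatModel) -> bool:
    """True only when every checklist question has no findings."""
    return not any(assess(model).values())


# Constructed sample threat model (hypothetical components and risk ids).
SAMPLE = ThreatModel(
    components={"Browser", "API gateway", "Order service", "Orders DB"},
    flows=[
        DataFlow("login", "Browser", "API gateway", True),
        DataFlow("place-order", "API gateway", "Order service", True),
        DataFlow("persist", "Order service", "Orders DB", False),
    ],
    threats=[
        Threat("login", "Spoofing", "MFA", True),
        Threat("login", "Information disclosure", "TLS 1.2+", True),
        Threat("place-order", "Tampering", "request signing", True, prior_risk_id="R-7"),
        Threat("place-order", "Repudiation", "audit log", False),   # not scheduled
        Threat("place-order", "Denial of service", None),           # no mitigation yet
        Threat("persist", "Elevation of privilege", "least-privilege DB role", True),
    ],
    new_features={"Order service"},
    prior_risks={"R-7", "R-9"},   # R-9 was never carried into this model
)

if __name__ == "__main__":
    for question, items in assess(SAMPLE).items():
        print(question, "PASS" if not items else items)
```

On the sample model the STRIDE and diagram questions pass, while the mitigation question reports two gaps (an unscheduled mitigation and a missing one) and the coverage question flags the prior risk R-9 that was never re-assessed; the model as a whole therefore fails the self-assessment until those items are resolved.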