Often people think that this model explicitly covers application security.
This is not the case, it touches the DevOps parts like automated security testing.
This could be highlighted by referring to other models and mapping the targeted maturity within DSOMM.
For example https://owasp.org/www-project-application-security-verification-standard/
Often people think that this model explicitly covers application security.
This is not the case, it touches the DevOps parts like automated security testing.
This could be highlighted by referring to other models and mapping the targeted maturity within DSOMM.
For example https://owasp.org/www-project-application-security-verification-standard/