update TM stream with remarks #57

Closed
Pat-Duarte opened this issue Nov 9, 2021 · 2 comments

@Pat-Duarte

Activity D-TA-1-B.yml
Always make sure to persist the outcome
--> Always persist the outcome

Activity D-TA-2-B.yml
Capture the threat modeling artifacts with tools that are used by your application teams.
--> Capture the threat modeling artifacts with tools used by your application teams.

the developer security culture. Reusable risk patterns,
--> the developer security culture. Reusable risk patterns,

Question D-TA-2-B.yml
Do you use a standard methodology, aligned on your application risk levels?
--> Do you use a standard methodology, aligned with your application risk levels?

You capture the threat modeling artifacts with tools that are used by your application teams
--> You capture the threat modeling artifacts with tools used by your application teams

You regularly (e.g., yearly) review the existing threat models to verify that no new threats are relevant for your applications
--> You review the existing threat models to verify that no new threats are relevant for your applications at least yearly

History from old repo:
@SebaDele opened this issue on Dec 20, 2019
@SebaDele self-assigned this on Dec 20, 2019
@SebaDele added SAMM 2.0 2D1ThreatAssessment streamB labels on Dec 21, 2019
@23bartman commented on Dec 23, 2020
@SebaDele Can you review whether version 2.0 is OK on this? If not, we can consider fine-tuning the model.

@Pat-Duarte Pat-Duarte added the from old repo Migrated from previous GitHub repo under OWASP label Nov 9, 2021
@SebaDele SebaDele added the summitBoston to discuss label Nov 6, 2022
@SebaDele

SebaDele commented Nov 6, 2022

Also to clarify/update the difference between "Regularly" and "at least yearly" (suggest switching these - implies updating the scoring for this stream).

@23bartman

Made the changes, except for the regularly, which is to be covered in issue #60 (and has a wider scope than this issue).
