From 40e5bd752aeb6971d2abc217f3abca5f74de5940 Mon Sep 17 00:00:00 2001 From: Maxim Baele Date: Sat, 23 Mar 2024 10:01:11 +0100 Subject: [PATCH] Changing the name of security architecture to secure architecture, aligning the name of the activity with the intent. See https://github.com/owaspsamm/core/issues/129 --- model/practice_levels/V-AA-3.yml | 2 +- model/security_practices/D-Security-Architecture.yml | 6 +++--- model/security_practices/V-Architecture Assessment.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/model/practice_levels/V-AA-3.yml b/model/practice_levels/V-AA-3.yml index 729a170434cd..46720a4056d9 100644 --- a/model/practice_levels/V-AA-3.yml +++ b/model/practice_levels/V-AA-3.yml @@ -14,6 +14,6 @@ id: 83ea8aaab3384b41b785107613ee4d86 #Objective of this particular practice level objective: Review the architecture effectiveness and feedback results to improve the - security architecture. + security of the architecture. #Type Classification of the Document type: PracticeLevel diff --git a/model/security_practices/D-Security-Architecture.yml b/model/security_practices/D-Security-Architecture.yml index a4a2abb47b61..bdbf61dc7551 100644 --- a/model/security_practices/D-Security-Architecture.yml +++ b/model/security_practices/D-Security-Architecture.yml 
@@ -10,18 +10,18 @@ function: 88c296acaae841a2b2fc5314bff44cb4 id: 4753e55e943c4d418303bf90d599c6b1 #Official name of this practice -name: Security Architecture +name: Secure Architecture #Abbreviation of this practice shortName: SA #A one sentence description of the security practice -shortDescription: The security architecture practice focuses on managing architectural +shortDescription: The secure architecture practice focuses on managing architectural risks for the software solution. #A multi-paragraph description of the security practice longDescription: | - The Security Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling. + The Secure Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling. #The relative order of this practice in the business function order: 3 diff --git a/model/security_practices/V-Architecture Assessment.yml b/model/security_practices/V-Architecture Assessment.yml index 7c9b62373011..e2f314e4fb32 100644 --- a/model/security_practices/V-Architecture Assessment.yml 
+++ b/model/security_practices/V-Architecture Assessment.yml @@ -22,7 +22,7 @@ shortDescription: This practice focuses on validating the security and complianc longDescription: | The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy & Compliance and Security Requirements practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice. - In its more advanced form, the practice formalizes the security architecture review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Security Architecture practice to improve reference architectures. + In its more advanced form, the practice formalizes the architecture security review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Secure Architecture practice to improve reference architectures. #The relative order of this practice in the business function order: 1
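Review bot: In model/security_practices/D-Security-Architecture.yml (hunk at -10,18), `name:` changes to `Secure Architecture` while the file path in the diff header stays D-Security-Architecture.yml, so the file name and the practice name no longer agree. Either rename the file in this commit or say in the commit message that the path is kept on purpose. A smaller wording point in the same hunk: `longDescription` now reads "The Secure Architecture (SA) practice ..." immediately followed by "Secure Architecture Design looks at ...", which puts the practice name and a near-identical stream name side by side; a short qualifier such as "The Secure Architecture Design stream looks at ..." would keep the two apart for readers.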
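Review bot: In model/security_practices/V-Architecture Assessment.yml (hunk at -22,7), the new phrase "architecture security review process" in `longDescription` is harder to parse than the text it replaces and does not match the wording chosen for the objective in V-AA-3.yml, "security of the architecture". Suggest "formalizes the review process for the security of the architecture" so both files use the same phrase. The same line updates the cross-reference to "Secure Architecture practice"; since the diffstat lists only three files, it is worth confirming that no other model file still refers to the practice by its old name.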