Comments (1)
This was discussed within the core team; here are some notes:
To explain the use of the 2 time frequencies:
"Annually" was used with things that are more likely to be related to compliance that would have an annual requirement. "Regularly" would be used more for something where we are not trying to dictate a timeframe, but that needs to be done not just once.
We used "annual" in practices where it would have more weight than "regularly".
E.g. in stream A "Create and Promote" of security practice "Strategy & Metrics", we assume that at least an annual review will be more frequent and a stronger requirement than a regular review, which is probably every couple of years.
Keep that in mind when reviewing and scoring your maturity.
We will keep this issue open for adding these clarifications in locations where these terms are used, and will consider being more precise in time frequencies in the scoring mechanism.
from samm.
Related Issues (20)
- Type error in related activities on `Datafiles/Activity V-AA-1-A.yml`
- breadcrumb links do not work in the generated model
- Podcasts / on tour
- Persian Translation
- Italian Translation
- automate the linking of product teams work items against SAMM maturity goals?
- home URL has a default template header,
- Improve phrasing in EG3B
- Align terminology
- Samm app is not creating initial database properly
- Create stable/versioned URI references to SAMM entities
- "Threat Assessment" yaml files have a space instead of a dash
- Website with maturity levels in the URL
- Why questions in Assessment Toolbox and OWASP SAMM v2.0 are different?
- Why activities in Assessment Toolbox, OWASP SAMM v2.0 and on site are different?
- Formally archive this repository
- SBOM and OBOM question
- /events with broken links
- [Security] Workflow yaml-process.yml is using vulnerable action peaceiris/actions-gh-pages