
What is the Level 2 OWASP Threat Assessment maturity practice?


Maturity Level 2: Standardization and enterprise-wide analysis of software related threats within the organisation. Understand the risk for all applications in the organisation by centralising the risk profile inventory for stakeholders.

Which of the following is the description for the Level 2 OWASP Threat Assessment maturity practice (MCQ)?

Answer: The Threat Assessment (TA) practice focuses on identifying and understanding project-level risks based on the functionality of the software being developed and the characteristics of the runtime environment.

Which of the following is the description for the Level 1 OWASP Threat Assessment maturity practice?

Answer: Maturity 1 - Consider security explicitly during the software requirements process. A basic assessment of the application risk is performed to understand likelihood and impact of an attack.

What are the two parts of a threat assessment?

For each security practice, SAMM defines three maturity levels as objectives.