DevSecOps Maturity Model

Customer Challenges And Needs

Customers need a way to quantify their current and target security levels. CyberQ provides that yardstick and (possibly) certification to certain levels. A client may have a mature build process without being equally mature on the security side of the build.

LEVEL 0

  • Project may utilize a source code repository.
  • Project may utilize build automation.

LEVEL 1

  • Build servers are locked down with limited access and strong passwords.
  • Source code repository is similarly secured.

LEVEL 2

  • Level 1 Plus
  • Build Automation
  • Level 1 processes
  • Peer Review

LEVEL 3

  • Level 2 Plus
  • Secure Static Analysis I
  • Build Artifact Audit
  • Penetration Testing

LEVEL 4

  • Level 3 Plus
  • Secure Static Analysis I
  • Binary Code Vulnerability Scans

LEVEL 5

  • Level 4 Plus
  • Secure Static Analysis II
  • Binary Code Vulnerability Scans
  • Secure Developer Certification
  • Security Centric Unit Testing