From cd76d117b9befb762c60adb3a0d999b2625fd2f6 Mon Sep 17 00:00:00 2001 From: William Golembieski Date: Tue, 24 Sep 2024 18:03:10 -0400 Subject: [PATCH] Update EducationAndGuidance.yaml Changing the description of security champion section to markdown to resolve build issues. --- .../EducationAndGuidance.yaml | 26 +++++-------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml b/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml index 3229463..27160d2 100755 --- a/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml +++ b/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml 
@@ -211,26 +211,12 @@ Culture and Organization: resources: 1 usefulness: 4 level: 2 - description: - "Implement a program where each software development team has a - member considered a \u201CSecurity Champion\u201D who is the liaison between - Information Security and developers. Depending on the size and structure of - the team the \u201CSecurity Champion\u201D may be a software developer, tester, - or a product manager. The \u201CSecurity Champion\u201D has a set number of - hours per week for Information Security related activities. They participate - in periodic briefings to increase awareness and expertise in different security - disciplines. \u201CSecurity Champions\u201D have additional training to help - develop these roles as Software Security subject-matter experts. You may need - to customize the way you create and support \u201CSecurity Champions\u201D - for cultural reasons.\n\nThe goals of the position are to increase effectiveness - and efficiency of application security and compliance and to strengthen the - relationship between various teams and Information Security. To achieve these - objectives, \u201CSecurity Champions\u201D assist with researching, verifying, - and prioritizing security and compliance related software defects. They are - involved in all Risk Assessments, Threat Assessments, and Architectural Reviews - to help identify opportunities to remediate security defects by making the - architecture of the application more resilient and reducing the attack threat - surface.\nSource: [OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/)\n" + description: | + Implement a program where each software development team has a member considered a "Security Champion" who is the liaison between Information Security and developers. Depending on the size and structure of the team the "Security Champion" may be a software developer, tester, or a product manager. 
The "Security Champion" has a set number of hours per week for Information Security related activities. They participate in periodic briefings to increase awareness and expertise in different security disciplines. "Security Champions" have additional training to help develop these roles as Software Security subject-matter experts. You may need to customize the way you create and support "Security Champions" for cultural reasons. + + The goals of the position are to increase effectiveness and efficiency of application security and compliance and to strengthen the relationship between various teams and Information Security. To achieve these objectives, "Security Champions" assist with researching, verifying, and prioritizing security and compliance related software defects. They are involved in all Risk Assessments, Threat Assessments, and Architectural Reviews to help identify opportunities to remediate security defects by making the architecture of the application more resilient and reducing the attack threat surface. + + [Source: OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/) implementation: - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-security-champ references:
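Review bot: the last added line of this hunk changes the attribution from `Source: [OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/)` to `[Source: OWASP SAMM](...)`, which moves the "Source:" label inside the link text and, with the new blank line before it, turns it into a separate paragraph. The commit message only describes a switch to markdown to fix the build, so either keep the original `Source: [OWASP SAMM](...)` form or mention the change in the message. The same applies to the replacement of the `\u201C`/`\u201D` curly quotes with plain `"`: it is harmless inside a `|` block scalar, where quotes need no escaping, but it is a text change that the message should mention. The `|` literal style also preserves every line break, unlike the folded double-quoted string it replaces, so the rendered result now depends on the consumer treating the value as markdown; it would help to confirm that the content lines are indented consistently under `description:` and that the build renders the two paragraphs as intended. As a style point, each paragraph is now one very long line. Because markdown treats a single newline as a space, wrapping them at a fixed width inside the block would keep future diffs of this description reviewable without changing the output.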