Step 5: Implement
Execute the roadmap, addressing people, processes, and tools phase by phase.
Activities
Implement activities
Implement all activities that are part of the current phase. Consider their impact on processes, people, knowledge, and tools. The SAMM model contains prescriptive advice on how to do this. OWASP projects may help to facilitate implementation.
Once activities are in place, shift focus to making them stick across the organization. That is step 6.
Best practices
- Treat legacy software separately. Do not mandate migration unless it is truly important.
- Avoid operational bottlenecks, particularly for the security team.