Measuring Maturity of PASTA Threat Modeling Activities Using SAMM Threat Analysis
Threat modeling is a process and leveraging a risk centric approach using PASTA, OpenSAMM provides a great way to measure how we can measure the journey of a PASTA threat modeling roll out using one of OWASP’s iconic maturity models for AppSec. PASTA has a built in RACI and associated activities per each of its seven stages and in this talk, we’ll map to the OWASP SAMM model to see how maturity can be measured over time against the activities for each stage of the Process for Attack Simulation & Threat Analysis.
Author, Founder, former CISO and global threat modeling expert on risk centric iterative approaches to application threat models. I’ve leveraged both BSIMM and OpenSAMM to measure the journey of how PASTA is adopted at various MNCs.