Maturity-Models icon indicating copy to clipboard operation
Maturity-Models copied to clipboard
verified publisher icon OWASP

It should be possible to take an existing scheme and compare it to another

Open streichsbaer opened this issue 9 years ago • 5 comments

As an organisation, I would be interested to see how my BSIMM score compares to OWASP SAMM or other models so that I understand my estimated maturity level for different maturity models. This could be achieved by translating the mappings between the two models as listed in https://github.com/OWASP/opensamm/blob/master/v1.1/mapping/SAMM1.1_BSIMM6_Mapping.xlsx.

streichsbaer avatar Jul 06 '16 15:07 streichsbaer

I agree, that would be a really nice feature.

To do that we need a json mapping to-from those schemas and a way to visualise them

DinisCruz avatar Jul 06 '16 18:07 DinisCruz

I am happy to create the JSON. How do you want the structure to look like?

streichsbaer avatar Jul 07 '16 08:07 streichsbaer

what about something like

{
  "source-schema": "bsimm",
  "target-schema": "samm"
  "activities":
    {
      "SM.1.1": [ "SM 1.B" ],
      "AM1.1" : [ "SM 1.A" ],
      "AM1.3" : [ "SM 1.A", "SM 1.B" ],
      "AA1.4" : [ "SM 1.A", "SM 2.A" ]
    }
}

I used data from image

DinisCruz avatar Jul 07 '16 09:07 DinisCruz

After a further iteration the proposed JSON structure looks like this:

{
    "source-schema": "bsimm",
    "target-schema": "samm",
    "activities":
      {
        "SM.1.1": [ { "key": "SM.1.A", "percentage": 100 } ],
        "AM.1.1": [ { "key": "SM.1.B", "percentage": 100 } ],
        "AM.1.3": [ { "key": "SM.1.C", "percentage": 50  }, { "key": "SM.1.B", "percentage": 50 } ],
        "AM.1.4": [ { "key": "SM.1.D", "percentage": 20  }, { "key": "SM.2.A", "percentage": 80 } ]
      }
}

streichsbaer avatar Jul 11 '16 15:07 streichsbaer

I really like that mapping, which also solves the prob created when adding extra mappings (like I've done in my internal project)

DinisCruz avatar Jul 12 '16 07:07 DinisCruz