
SAMMCharts – A Qudosoft Open Source Project

Driven by our commitment to constantly improving software quality, we recently launched an internal Security Awareness Program, codename: Project Hedgehog. Within the program we chose to follow the Software Assurance Maturity Model (SAMM), a flagship project of the Open Web Application Security Project (OWASP). SAMM is an open framework that helps organizations formulate and implement a software security strategy tailored to the specific risks they face.

The model’s first action items are to assess the organization’s maturity level, define the goals to achieve, and create a roadmap. Because we use our internal Wiki system for project documentation, we needed an easy way to visualize, adapt and track the maturity level and the progress of our roadmap. The SAMM project supplies Excel sheets for that purpose, but they didn’t fit our requirement to easily embed and maintain content.

SAMMCharts – a JavaScript Visualization Library for the Software Assurance Maturity Model

To satisfy these requirements we developed the open source JavaScript library SAMMCharts. The library can be embedded in web applications such as corporate Wiki systems, or used to generate images in a local browser without additional software. It is easy to use, utilizes current technologies and will be maintained by us as SAMM progresses. The components of the library are customizable to fit different organizational and visual needs, e.g. one can configure the look and feel as well as the number of phases on the roadmap.

For convenience, users can optionally generate phase summaries that link directly to the business function and practices pages of the SAMM online documentation.

Below you can see two example roadmaps generated by SAMMCharts. The second chart shows a variant that highlights the current phase and achieved maturity level of the organization or project.

 

The Technology Stack

SAMMCharts creates most of the charts as HTML canvas elements, which can be saved as images by right-clicking on them in the browser. The library depends on jQuery, was developed as an AMD module with node.js, and can be easily integrated with RequireJS. For testing we used the Karma test runner and the Jasmine testing framework for unit testing, along with js-imagediff for browser-dependent canvas integration testing.

You can check out the sources and latest releases along with examples at our GitHub repository.

What’s more to come?

As SAMM v1.1 is due to be released soon, a few nomenclature changes will be implemented in the library. As we go along with our Security Awareness Program, we might find additional features necessary, which we’ll contribute to the community.

Are you interested in updates and changes of SAMMCharts? Stay up to date by watching us on GitHub!
