OCTAVE: CISSP Domain – Software Development Security
OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) is a risk evaluation framework developed at Carnegie Mellon. It is designed as a self-evaluation: the people who work inside a company know their environment best and can therefore identify risks better than outsiders.
There are three main phases to the framework:
1) Identify Assets
2) Identify Vulnerabilities
3) Risk Analysis and Mitigation