OCTAVE: CISSP Domain – Software Development Security

Octave (Operationally Critical Threat, Asset and Vulnerability Evaluation) is a risk evaluation framework developed at Carnegie Mellon.  The idea is that it’s a self evaluation because people who work inside a company know their environment best and therefore can better identify risks than outsiders.

There are three main phases to the framework:

1) Identify Assets

2) Identify Vulnerabilities

3) Risk Analysis and Mitigation

My Video