Merge remote-tracking branch 'origin/main'

devsecopsmaturitymodel · Nov 13, 2024 · d6e57cb · d6e57cb
2 parents a30959f + e259609
commit d6e57cb
Showing 1 changed file with 6 additions and 20 deletions.
diff --git a/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml b/src/assets/YAML/default/CultureAndOrganization/EducationAndGuidance.yaml
@@ -228,26 +228,12 @@ Culture and Organization:
         resources: 1
       usefulness: 4
       level: 2
-      description:
-        "Implement a program where each software development team has a
-        member considered a \u201CSecurity Champion\u201D who is the liaison between
-        Information Security and developers. Depending on the size and structure of
-        the team the \u201CSecurity Champion\u201D may be a software developer, tester,
-        or a product manager. The \u201CSecurity Champion\u201D has a set number of
-        hours per week for Information Security related activities. They participate
-        in periodic briefings to increase awareness and expertise in different security
-        disciplines. \u201CSecurity Champions\u201D have additional training to help
-        develop these roles as Software Security subject-matter experts. You may need
-        to customize the way you create and support \u201CSecurity Champions\u201D
-        for cultural reasons.\n\nThe goals of the position are to increase effectiveness
-        and efficiency of application security and compliance and to strengthen the
-        relationship between various teams and Information Security. To achieve these
-        objectives, \u201CSecurity Champions\u201D assist with researching, verifying,
-        and prioritizing security and compliance related software defects. They are
-        involved in all Risk Assessments, Threat Assessments, and Architectural Reviews
-        to help identify opportunities to remediate security defects by making the
-        architecture of the application more resilient and reducing the attack threat
-        surface.\nSource: [OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/)\n"
+      description: |
+        Implement a program where each software development team has a member considered a "Security Champion" who is the liaison between Information Security and developers. Depending on the size and structure of the team the "Security Champion" may be a software developer, tester, or a product manager. The "Security Champion" has a set number of hours per week for Information Security related activities. They participate in periodic briefings to increase awareness and expertise in different security disciplines. "Security Champions" have additional training to help develop these roles as Software Security subject-matter experts. You may need to customize the way you create and support "Security Champions" for cultural reasons.
+        
+        The goals of the position are to increase effectiveness and efficiency of application security and compliance and to strengthen the relationship between various teams and Information Security. To achieve these objectives, "Security Champions" assist with researching, verifying, and prioritizing security and compliance related software defects. They are involved in all Risk Assessments, Threat Assessments, and Architectural Reviews to help identify opportunities to remediate security defects by making the architecture of the application more resilient and reducing the attack threat surface.
+        
+        [Source: OWASP SAMM](https://owaspsamm.org/model/governance/education-and-guidance/stream-b/)
       implementation:
         - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-security-champ
       references: