2025.12.25

DevSecOps Assessment Framework (DAF) – A Fresh Approach to Secure Software Development

Good news everyone!
We are pleased to announce that the DevSecOps Assessment Framework (DAF) is now available in English for the international community.

There are many useful frameworks for evaluating the secure development processes, such as SAMM, BSIMM, DSOMM, and Microsoft SDL. However, there is no single framework that clearly describes what must be done and in which order to establish a secure development process, objectively assess existing maturity level, and identify next steps.

The DevSecOps Assessment Framework (DAF) aims to solve this problem. It consolidates recommendations and best practices from various areas of DevSecOps and integrates our community's extensive expertise structured and adapted to modern realities. Some practices from well-known frameworks are not included in DAF, but new and more detailed practices have been added instead. All models, domains, subdomains, and practices are described in clear language to avoid ambiguity and misinterpretation.

Like, share and repost! We would appreciate your feedback!