SDLC - Repositories without exploitable vulnerabilities remediated within SLO
Description
The percentage of code repositories in the development pipeline whose critical security vulnerabilities were resolved within the established service level objective (SLO). Resolving exploitable findings on time keeps the window of exposure short and supports compliance with the security standards referenced below.
How we measure it
Query the code repository management system to identify all repositories and the exploitable critical vulnerabilities recorded against each, together with their detection and resolution dates. A repository is within SLO when every such vulnerability was resolved within the established service level objective (SLO). Report the number of repositories within SLO as a percentage of the total number of repositories.
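A worked calculation of this metric, added here as an example rather than the catalogue's own tooling. It assumes a hypothetical 30-day remediation SLO for critical findings (the page gives only the 90-95% target band) and runs over constructed sample findings; it also treats a still-open finding that is older than the SLO as a breach, which the query above does not spell out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SLO_DAYS = 30                 # assumed remediation SLO for critical findings (hypothetical)
TARGET_RANGE = (90.0, 95.0)   # metric SLO band from the metadata table

@dataclass
class Finding:
    repo: str
    severity: str
    exploitable: bool
    detected: datetime
    resolved: Optional[datetime]   # None while the finding is still open

def breached(f: Finding, now: datetime, slo_days: int = SLO_DAYS) -> bool:
    """True when the finding was closed after its deadline or is still open past it."""
    deadline = f.detected + timedelta(days=slo_days)
    end = f.resolved if f.resolved is not None else now
    return end > deadline

def compliant_repos(repos, findings, now, slo_days=SLO_DAYS):
    """Repositories in which no exploitable critical finding breached the SLO."""
    late = {f.repo for f in findings
            if f.exploitable and f.severity == "critical" and breached(f, now, slo_days)}
    return sorted(r for r in repos if r not in late)

def metric(repos, findings, now, slo_days=SLO_DAYS):
    """Percentage of repositories within SLO, rounded to two decimals."""
    if not repos:
        return 0.0
    return round(100.0 * len(compliant_repos(repos, findings, now, slo_days)) / len(repos), 2)

# Constructed sample data; not real repositories or findings.
NOW = datetime(2024, 6, 1)
REPOS = ["api", "web", "billing", "infra"]
FINDINGS = [
    Finding("api", "critical", True, datetime(2024, 4, 1), datetime(2024, 4, 20)),  # closed in 19d: ok
    Finding("web", "critical", True, datetime(2024, 3, 1), datetime(2024, 4, 15)),  # closed in 45d: late
    Finding("billing", "critical", True, datetime(2024, 5, 20), None),              # open 12d: still within SLO
    Finding("infra", "critical", False, datetime(2024, 1, 1), None),                # not exploitable: ignored
    Finding("infra", "high", True, datetime(2024, 1, 1), None),                     # not critical: ignored
]

if __name__ == "__main__":
    pct = metric(REPOS, FINDINGS, NOW)
    low, high = TARGET_RANGE
    print(f"{pct}% of repositories within SLO; target {low}-{high}%: {'met' if pct >= low else 'not met'}")
```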
Meta Data
| Attribute | Value |
|---|---|
| Metric id | sd_vulnerabilities_performance |
| Category | Software Development |
| SLO | 90.00% - 95.00% |
| Weight | 0.5 |
| Type | |
References
| Framework | Ref | Domain | Control |
|---|---|---|---|
| CIS 8.1 | 16.12 | Application Software Security | Implement Code-Level Security Checks |
| ISO 27001:2022 | A.8.25 | 8 Technological controls | Secure development life cycle |
| NIST CSF v2.0 | PR.PS-06 | Platform Security (PR.PS) | PR.PS-06: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle |