The DevSecOps Verification Standard
An open-source framework that defines baseline security requirements for any software project or organisation, so you can find the gaps in your secure development lifecycle and chart a path to close them.
Gap Analysis
Identify the gaps in one or many software projects by giving internal or external analysts a clearly defined standard that covers every area of the secure development lifecycle.
Maturity Roadmap
Developers, architects and security teams can pinpoint their current DevSecOps maturity and map a clear path toward a higher, measurable level.
Third-party Risk
Audit the SDLC maturity of third parties to confirm their development processes are resilient and to surface risks arising from people, processes or software.
Assess yourself in the browser
Rate every control against the four maturity levels, attach screenshots as evidence, and generate a shareable report - an executive summary, maturity charts, a prioritised roadmap and an evidence pack. Everything stays on your device.
Open the self-assessment →
The standard
Controls are grouped by lifecycle phase. Each defines four maturity levels, from absent (0) through to measured and continuously improved (3). Open any control to read its full definition.
Get involved
The DSOVS evolves as processes and technologies change. Contributions and feedback are welcome.
Connect with us
Join the community and be part of the journey.