What is a baseline and why you need one
- General principles for cybersecurity are well known: security-by-design, least privilege, defense-in-depth, separation of duty... However, they are not actionable enough for developers to use directly. A baseline is a set of actionable rules (stories) that developers can apply directly and that instill cybersecurity principles.
- A good baseline can be organized in a progressive manner, with several nested levels.
- The objectives for each story shall be SMART (specific, measurable, achievable, relevant, time-bound).
- Using a relevant baseline is the most effective way to help developers embrace cybersecurity.