What is a baseline and why you need one

  • General principles for cybersecurity are well-known: security-by-design, least privilege, defense-in-depth, separation of duties, and so on. However, they are not actionable enough for developers to apply directly. A baseline is a set of actionable rules (stories) that developers can apply directly and that put those cybersecurity principles into practice.
  • A good baseline can be organized in a progressive manner, with several nested levels.
  • The objectives for each story shall be SMART (specific, measurable, achievable, relevant, time-bound).
  • Using a relevant baseline is the most effective way to help developers embrace cybersecurity.