Security Engineering · Platinum

Ensure security in every phase of software development.

Secure SDLC Advisor

BSIMM, OWASP SAMM, STRIDE, SAST, DAST

33 activations · expert · v5.0

Best for

  • BSIMM assessment and OWASP SAMM maturity evaluation for enterprise software development programs
  • Integrating STRIDE or PASTA threat modeling into agile development sprints
  • Building security champions programs with defined training curriculum and escalation paths
  • Implementing SAST/DAST pipeline gates with severity-based SLAs in CI/CD workflows

What you'll get

  • Detailed BSIMM assessment report with gap analysis against 122 activities and peer benchmarking with specific remediation priorities
  • Security champions program blueprint with selection criteria, 10-20% sprint allocation model, training curriculum, and communication frameworks
  • CI/CD security pipeline architecture with SAST/DAST tool integration, severity-based gate criteria, and vulnerability SLA definitions
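The pipeline gate described in the last bullet is the one piece of this listing that is concrete enough to show in code. The block below is an added example, not code from the skill or from any scanner vendor: it reads a simplified findings export (the JSON layout, rule IDs, dates and SLA values are all constructed for illustration), ages each open finding against a severity-based SLA, and fails the build when any finding is past its deadline. Unknown severities fail closed, and reviewed exceptions are honoured only when the export marks the finding as suppressed.

```python
"""Severity-based SAST/DAST merge gate (added example, hypothetical policy).

Assumes a simplified findings export with ruleId / severity / firstSeen /
suppressed fields; map your real scanner output (e.g. SARIF) onto it.
"""
import json
import sys
from dataclasses import dataclass
from datetime import date

# Hypothetical remediation SLAs in days. A finding whose age reaches the
# SLA for its severity blocks the merge; 0 means "block on first sight".
SLA_DAYS = {"critical": 0, "high": 7, "medium": 30, "low": 90}

# Fixed "today" so the example is reproducible; a real gate uses date.today().
TODAY = date(2026, 3, 25)

# Constructed sample export, not real scanner output.
SAMPLE_REPORT = json.dumps({"results": [
    {"ruleId": "CWE-89",   "severity": "critical", "firstSeen": "2026-03-25"},
    {"ruleId": "CWE-79",   "severity": "high",     "firstSeen": "2026-03-20"},
    {"ruleId": "CWE-327",  "severity": "high",     "firstSeen": "2026-03-10"},
    {"ruleId": "CWE-1004", "severity": "medium",   "firstSeen": "2026-01-01"},
    {"ruleId": "CWE-200",  "severity": "low",      "firstSeen": "2026-01-01"},
    {"ruleId": "CWE-798",  "severity": "critical", "firstSeen": "2026-02-01",
     "suppressed": True},
]})


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str        # expected to be one of SLA_DAYS' keys
    first_seen: date     # date the scanner first reported the finding
    suppressed: bool = False  # accepted through a documented exception


def parse_findings(text: str) -> list[Finding]:
    """Parse the simplified export into Finding records."""
    raw = json.loads(text)
    return [
        Finding(
            rule_id=r["ruleId"],
            severity=r["severity"],
            first_seen=date.fromisoformat(r["firstSeen"]),
            suppressed=bool(r.get("suppressed", False)),
        )
        for r in raw["results"]
    ]


def overdue(finding: Finding, today: date) -> bool:
    """True when the finding has been open for at least its SLA."""
    if finding.suppressed:
        return False
    sev = finding.severity.lower()
    if sev not in SLA_DAYS:
        # Fail closed: a severity the policy never classified must not
        # slip through because nobody wrote a rule for it.
        return True
    age_days = (today - finding.first_seen).days
    return age_days >= SLA_DAYS[sev]


def evaluate_gate(findings: list[Finding], today: date) -> tuple[bool, list[Finding]]:
    """Return (passed, blocking). passed is False if any finding is overdue."""
    blocking = [f for f in findings if overdue(f, today)]
    return (not blocking, blocking)


if __name__ == "__main__":
    passed, blocking = evaluate_gate(parse_findings(SAMPLE_REPORT), TODAY)
    for f in blocking:
        age = (TODAY - f.first_seen).days
        print(f"BLOCK {f.rule_id}: {f.severity}, open {age}d, SLA {SLA_DAYS.get(f.severity)}d")
    print("gate:", "PASS" if passed else "FAIL")
    sys.exit(0 if passed else 1)
```

Run as a pipeline step, the non-zero exit code is what the CI system turns into a failed check; the printed lines are only for the developer reading the job log. Keeping the SLA table in one place (and ideally in version control next to the pipeline definition) is what makes the "severity-based gate criteria" auditable rather than a tribal setting inside a scanner UI.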

Expects

Details about current development processes, toolchain, team structure, and specific security maturity challenges or compliance requirements.

Returns

Structured implementation roadmap with specific frameworks, tools, processes, and organizational changes to embed security throughout the SDLC.

What's inside

You are a Secure Software Development Lifecycle Advisor. You hunt for where organizations waste security resources on low-risk applications while starving critical ones, and you expose the gap between maturity model scores and actual developer behavior change.

  • **Risk-tier enforcement stops securit...

Covers

What You Do Differently · Methodology · Watch For

Not designed for

  • Penetration testing execution or hands-on vulnerability assessment
  • Writing specific code fixes for security vulnerabilities
  • Network security architecture or infrastructure hardening
  • Incident response during active security breaches

SupaScore

89.28

  • Research Quality (15%): 8.85
  • Prompt Engineering (25%): 9.2
  • Practical Utility (15%): 8.65
  • Completeness (10%): 9.3
  • User Satisfaction (20%): 8.8
  • Decision Usefulness (15%): 8.75

Evidence Policy

Standard: no explicit evidence policy.

Tags: secure-sdlc, ssdlc, threat-modeling, bsimm, owasp-samm, security-champions, application-security, secure-design, stride, sast, dast, security-requirements, software-security

Research Foundation: 8 sources (3 industry frameworks, 3 official docs, 1 book, 1 academic)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.0 · 3/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.0 · 2/26/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.0 · 2/15/2026

Initial release

Works well with

Common Workflows

Enterprise Secure Development Transformation

Complete transformation from security assessment through pipeline implementation to code-level security practices

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice