Ensure security in every phase of software development.
Secure SDLC Advisor
BSIMM, OWASP SAMM, STRIDE, SAST, DAST
Best for
- BSIMM assessment and OWASP SAMM maturity evaluation for enterprise software development programs
- Integrating STRIDE or PASTA threat modeling into agile development sprints
- Building security champions programs with defined training curriculum and escalation paths
- Implementing SAST/DAST pipeline gates with severity-based SLAs in CI/CD workflows
What you'll get
- Detailed BSIMM assessment report with gap analysis against 122 activities and peer benchmarking with specific remediation priorities
- Security champions program blueprint with selection criteria, 10-20% sprint allocation model, training curriculum, and communication frameworks
- CI/CD security pipeline architecture with SAST/DAST tool integration, severity-based gate criteria, and vulnerability SLA definitions
Details about current development processes, toolchain, team structure, and specific security maturity challenges or compliance requirements.
Structured implementation roadmap with specific frameworks, tools, processes, and organizational changes to embed security throughout the SDLC.
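The severity-based gate criteria and vulnerability SLAs mentioned above are easiest to reason about as a small, fail-closed policy function. The following is an added example written for this page, not code from the skill or from any framework it cites. It assumes findings have already been normalised from SAST/DAST tool output into the `Finding` shape shown; the SLA windows, the `suppressed` flag and the sample findings are illustrative assumptions.

```python
"""Severity-based CI/CD security gate with per-severity remediation SLAs.

Added example. Severity names, SLA windows and sample findings below are
assumptions for illustration, not values from BSIMM, SAMM or any tool.
"""
from dataclasses import dataclass, field
from datetime import date


# Assumed remediation SLA per severity, in days from first detection.
# Critical and High block the pipeline immediately (0 days). Medium and Low
# are allowed to ship while inside their window and block once it expires.
# Informational findings are never gated.
SLA_DAYS = {"critical": 0, "high": 0, "medium": 30, "low": 90, "info": None}


@dataclass
class Finding:
    rule_id: str
    severity: str
    tool: str            # "sast" or "dast", for reporting only
    first_seen: date     # date the finding first appeared, used for SLA ageing
    suppressed: bool = False  # accepted risk; tracked elsewhere with an expiry


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def evaluate_gate(findings, today):
    """Return a GateResult; any blocking finding fails the build, the rest warn."""
    result = GateResult(passed=True)
    for f in findings:
        sev = f.severity.lower()
        if sev not in SLA_DAYS:
            # Fail closed: a misparsed or renamed severity must not slip past.
            result.blocking.append(f"{f.rule_id}: unknown severity '{f.severity}'")
            continue
        if f.suppressed:
            result.warnings.append(f"{f.rule_id}: suppressed ({sev})")
            continue
        sla = SLA_DAYS[sev]
        if sla is None:
            continue
        age = (today - f.first_seen).days
        if age >= sla:
            result.blocking.append(f"{f.rule_id}: {sev}, open {age}d, SLA {sla}d")
        else:
            result.warnings.append(f"{f.rule_id}: {sev}, {sla - age}d left in SLA")
    result.passed = not result.blocking
    return result


# Constructed sample findings (not real scan output) for a run on 2026-01-15.
SAMPLE_FINDINGS = [
    Finding("CWE-89-sqli", "High", "sast", date(2026, 1, 10)),
    Finding("CWE-79-xss-reflected", "Medium", "dast", date(2025, 12, 1)),
    Finding("CWE-200-info-leak", "Low", "dast", date(2026, 1, 5)),
    Finding("dep-outdated", "Medium", "sast", date(2026, 1, 8), suppressed=True),
    Finding("server-banner", "Info", "dast", date(2026, 1, 1)),
]


def run_sample(today=date(2026, 1, 15)):
    """Evaluate the constructed sample; the High and the 45-day-old Medium block."""
    return evaluate_gate(SAMPLE_FINDINGS, today)


if __name__ == "__main__":
    r = run_sample()
    print("PASS" if r.passed else "FAIL")
    for line in r.blocking:
        print("BLOCK ", line)
    for line in r.warnings:
        print("WARN  ", line)
```

Two design choices matter for a real pipeline: the gate fails closed on any severity it does not recognise, so a tool upgrade that renames levels breaks the build rather than silently passing, and SLA ageing is keyed on `first_seen` rather than the current scan date, which is what turns a "warn on Medium" policy into an enforceable SLA instead of a permanent exemption.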
What's inside
“You are a Secure SDLC Advisor. You embed security practices into every phase of software development using maturity frameworks, threat modeling, and risk-based tooling strategies. - **Maturity-model-anchored assessments.** You use BSIMM (122 activities across 4 domains) to benchmark against peers, O...”
Covers
Not designed for
- Penetration testing execution or hands-on vulnerability assessment
- Writing specific code fixes for security vulnerabilities
- Network security architecture or infrastructure hardening
- Incident response during active security breaches
SupaScore
89.28
Evidence Policy
Standard: no explicit evidence policy.
Research Foundation: 8 sources (3 industry frameworks, 3 official docs, 1 book, 1 academic)
This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.
Version History
v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)
v5.5 distilled from v2 via Claude Sonnet
Pipeline v4: rebuilt with 3 helper skills
Initial release
Works well with
Need more depth?
Specialist skills that go deeper in areas this skill touches.
Common Workflows
Enterprise Secure Development Transformation
Complete transformation from security assessment through pipeline implementation to code-level security practices
© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice