Project Overview
================

The purpose of this project is to illustrate and document a practical approach to implementing NIST SSDF practices to elevate the overall security posture of organizations that develop and produce software in DevSecOps environments. In pursuit of this objective, the project’s implementation strategy was informed by a comprehensive analysis from two distinct perspectives:

1. Defining a Conceptual DevSecOps Reference Model: Analysis from one perspective focused on defining a notional reference model that embodies a practical DevSecOps environment, which in turn facilitated the effective demonstration of SSDF practices through tailored scenarios and use cases on the project. This analysis perspective is shared in detail in :doc:`Section 3 ` of the document.

2. Decomposing NIST SSDF Practices and Tasks: The NIST SSDF describes a set of fundamental, sound practices for secure software development without prescribing their implementation. By focusing on desired outcomes rather than specific tools or methods, it provides a flexible framework. To build on this, the project’s second analysis perspective focused on interpreting the NIST SSDF practices and tasks with the objective of decomposing them into more granular and actionable tasks. This, in turn, facilitated the identification of specific activities and technology capabilities necessary for the development of relevant demonstration scenarios and use cases for the project. This analysis perspective will be shared in the next update of this document.