In which OpenSAMM core practice area is environment hardening found?

Boost your knowledge for the WGU ITAS6231 D487 Secure Software Design Test. Utilize flashcards and multiple-choice questions, complete with explanations and hints, to prepare effectively for success.

Environment hardening is found in the Deployment core practice area of the Open Software Assurance Maturity Model (OpenSAMM). This practice focuses on enhancing the security of systems throughout the deployment phase, which includes preparations and configurations that help mitigate risks to the deployed software.

Deployment involves ensuring that the application is not only correctly installed but is also safeguarded against various security threats that could exploit vulnerabilities in the runtime environment. This encompasses processes like configuring servers securely, applying the principle of least privilege, managing network security configurations, and ensuring that all components are patched and updated. By hardening the environment, organizations create a more resilient posture against attacks, which is crucial as security threats continue to evolve.

The other areas encompass different aspects of the software development lifecycle. Governance pertains to the overarching strategies, policies, and frameworks guiding security practices; Verification focuses on testing and reviewing software to identify and mitigate vulnerabilities before deployment; Construction involves the secure coding practices used during development. Each of these areas plays an important role in the overall software security strategy, but environment hardening specifically pertains to the actions taken during the deployment of the software.
