[Owasp-leaders] What's the "catalyst" project all about?

Adam Muntner adam.muntner at quietmove.com
Sun Jul 12 00:49:18 EDT 2009 

Where would a maturity model for maturity models come from , if not for
lessens learned from attempts at building maturity models?

:)

"The fact that SAMM, BSI-MM, and the SANS/MITRE Top 25 have had only a
small percentage of the success compared to the OWASP Top Ten leaves
me happy. I don't think we need more than one marketing-friendly /
lightweight, "one-size supposedly fits-all, but really doesn't fit
any" introduction to the subject matter."

Or the WASC-TC which is pretty cool... but has about 0.5% name recognition
compared to OWASP TOP-10. There is def  marketing lesson to be learned!

Adam

On Sat, Jul 11, 2009 at 9:20 PM, Andre Gironda <andreg at gmail.com> wrote:

> On Sat, Jul 11, 2009 at 9:03 PM, Stephen Craig
> Evans<stephencraig.evans at gmail.com> wrote:
> > I don't think before I hit "Send"
>
> As an expert on the above subject (and maybe a few of the below ones),
> let me provide some feedback.
>
> I think it was Epstein or somebody cool who said, "Isn't it a little
> early for maturity models in the appsec space"?
>
> The primary problem here is that we don't have a maturity model for
> building maturity models.
>
> Also -- in the case of Catalyst, it appears to be an effort to
> integrate ESAPI, ASVS, and other OWASP projects into one big-giant,
> dirty rubber-band ball. Apparently SAMM didn't offer this sort of
> integration. In other words, BSI-MM had too much Cigital terminology,
> but SAMM didn't have enough OWASP terminology.
>
> The fact that SAMM, BSI-MM, and the SANS/MITRE Top 25 have had only a
> small percentage of the success compared to the OWASP Top Ten leaves
> me happy. I don't think we need more than one marketing-friendly /
> lightweight, "one-size supposedly fits-all, but really doesn't fit
> any" introduction to the subject matter.
>
> Have fun,
> Andre
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090711/f0efece3/attachment.html

More information about the OWASP-Leaders mailing list