[Owasp-leaders] What's the "catalyst" project all about?
adam.muntner at quietmove.com
Sun Jul 12 00:49:18 EDT 2009
Where would a maturity model for maturity models come from, if not for
lessons learned from attempts at building maturity models?
"The fact that SAMM, BSI-MM, and the SANS/MITRE Top 25 have had only a
small percentage of the success compared to the OWASP Top Ten leaves
me happy. I don't think we need more than one marketing-friendly /
lightweight, "one-size supposedly fits-all, but really doesn't fit
any" introduction to the subject matter."
Or the WASC-TC, which is pretty cool... but has about 0.5% name recognition
compared to OWASP TOP-10. There is def a marketing lesson to be learned!
On Sat, Jul 11, 2009 at 9:20 PM, Andre Gironda <andreg at gmail.com> wrote:
> On Sat, Jul 11, 2009 at 9:03 PM, Stephen Craig
> Evans<stephencraig.evans at gmail.com> wrote:
> > I don't think before I hit "Send"
> As an expert on the above subject (and maybe a few of the below ones),
> let me provide some feedback.
> I think it was Epstein or somebody cool who said, "Isn't it a little
> early for maturity models in the appsec space"?
> The primary problem here is that we don't have a maturity model for
> building maturity models.
> Also -- in the case of Catalyst, it appears to be an effort to
> integrate ESAPI, ASVS, and other OWASP projects into one big-giant,
> dirty rubber-band ball. Apparently SAMM didn't offer this sort of
> integration. In other words, BSI-MM had too much Cigital terminology,
> but SAMM didn't have enough OWASP terminology.
> The fact that SAMM, BSI-MM, and the SANS/MITRE Top 25 have had only a
> small percentage of the success compared to the OWASP Top Ten leaves
> me happy. I don't think we need more than one marketing-friendly /
> lightweight, "one-size supposedly fits-all, but really doesn't fit
> any" introduction to the subject matter.
> Have fun,