[GPC] New Project: OWASP Software Security Process

Christian Heinrich christian.heinrich at owasp.org
Thu Mar 3 16:39:47 EST 2011


Paulo,

Would it be possible to clarify the touchpoints with OpenSAMM and the
OWASP Testing Guide (i.e. OWASP Risk Rating Methodology) in relation
to this new project?

On Thu, Mar 3, 2011 at 7:00 AM, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:
> Hello Matteo,
>
>
>
> Hope you are well. It was a pleasure meeting you the Summit.
>
>
>
> As for your request, first of all, I thank you for volunteering to lead an
> OWASP Project.  It is with volunteers like yourselves that OWASP continues
> to succeed in making application security visible.
>
>
>
> Secondly, here
> http://www.owasp.org/index.php/OWASP_Software_Security_Assurance_Process#tab=Project_Details
> is the project’s wiki page which has been placed amongst all the other OWASP
> Projects http://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects.
>
>
>
> Please check it out and let me know if you find any problems or mistakes and
> feel obviously free to add any additional information to the project’s wiki
> page or to request assistance regarding its edition.
>
>
>
> Thirdly, later on, when your project reaches a point that you'd like OWASP
> to assist in its promotion, we will need the following to help spread the
> word about it:
>
> - Project Flyer/Pamphlet (PDF file):
> http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/.
>
>
>
>  - Conference style presentation describing the project in at least 3 slides
> -
> http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/
>
>
>
> Fourthly, as work on your project progresses and you are ready to create a
> new release, please let the Global Projects Committee (GPC) know of the
> change in status so that we can create the needed template to support it.
>
>
>
> The GPC can work with you to get your project assessed and moved up the
> OWASP quality ladder from Alpha to Beta to Stable.  Not every release
> requires an assessment - feel free to email the GPC if you are unsure about
> your project's requirements.
>
>
>
> http://www.owasp.org/index.php/Assessment_Criteria_v2.0
>
>
>
> That is all for now - I wish you and your project great success.  Thank you
> for supporting OWASP's mission.
>
> Should you have any questions or require any further information, please do
> not hesitate to contact me.
>
>
>
> Many thanks, best regards,
>
>
>
> Thanks,
>
> - Paulo
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager
>
>
>
> From: Mateo Martinez [mailto:mateo.martinez at owasp.org]
> Sent: quarta-feira, 9 de Fevereiro de 2011 16:12
> To: Paulo Coimbra
> Subject: New Project: OWASP Software Security Process
>
>
>
> Dear Paulo,
>
> I want to start the following project in order to define a process for
> Software Security:
>
> 1. Project Name: OWASP Software Security Assurance Process
>
> 2.  Project purpose / overview: To outlines mandatory and recommended
> processes and practices to manage risks associated with applications.
> Software Security is equally dependent on people, processes and technology.
> The effectiveness of the OWASP Software Security Process is continuously
> measured and is improved through feedback, threat landscape changes,
> availability of new concepts and tools. Should be the framework to map
> Requirements, Dev and Testing guidelines for example.
>
> 3.  Project Roadmap: Define OWASP Software Security Process -->Integrate all
> OWASP Guidelines in it --> Review  --> Present to OWASP --> Discuss -->
> Release
>
> 4.  Project links (if any) to external sites,
>
> 5.  Project License: Creative Commons Attribution ShareAlike 3.0 license
>
> 6.  Project Leader name: Mateo Martínez
>
> 7.  Project Leader email address: mateo.martinez at owasp.org
>
> 8.  Project Leader wiki account - the username (you'll need this to edit the
> wiki): Mateo Martínez
>
> 9.  Project Contributor(s) (if any) - name email and wiki account (if any)
>
> 10.Project Main Links (if any).
>
> Please let me know if anything else is required to could start the project.
>
> Thank you.
> Warm regards,
>
> Mateo
>
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee
>
>



-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh


More information about the Global-projects-committee mailing list