[Global_industry_committee] OWASP and the SDL Pro Network

Colin Watson colin.watson at owasp.org
Fri Nov 20 12:02:28 EST 2009

Hello Katie

Sorry for the delay, but I had extended my trip in the US after the
conference and only arrived back on Tuesday, and have been trying to
catch up.

The discussion has been useful and raised the need to provide more
information on security lifecycle, even though that is already one of
the categorisations of OWASP's projects.  There is of course
willingness to highlight all the good approaches out there, including
MS SDL, so I think we will be seeing that happen.

Note this is in the same way that MS Threat Modelling is already
discussed/referenced in the OWASP wiki.  Oh, and did you see the link
to MS Threat Modelling in the new OWASP Top 10 rc1?


Comments are open on that until 31 December 2009.

But back to the SDL Pro Network... at the moment the feeling is that
OWASP cannot commit to becoming a member of the Pro Network but of
course would be willing to provide input or assist with its
development where suitable opportunities, and available resources,
arise.  If you can see any opportunities, please let us know.  But
let's see how the aspect of secure lifecycle develops e.g. the OWASP
development guide is about to be updated - I'll keep you informed.

Thank you for taking the time to discuss this opportunity with us, and
I hope we are able to meet you some time.


Colin Watson
OWASP Global Industry Committee

2009/11/19 Katie Moussouris <katiemo at microsoft.com>:
> Hi Colin,
>  Before I go on vacation next week, I wanted to check in on whether you had heard any news from Pravir or others on OWASP's interest in being added to the SDL Pro Network.  Have there been any questions I can answer?
> Cheers,
> Katie
> Katie Moussouris
> Senior Security Strategist, SDL
