[Global_industry_committee] The Microsoft SDL Pro Network

Christian Heinrich christian.heinrich at owasp.org
Thu Oct 29 03:03:58 EDT 2009


Colin,

It might be worth highlighting to Kate that OWASP provide training at
our conferences and at other events.


On Thu, Oct 29, 2009 at 5:35 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Christian
>
> I spoke with Katie on Monday as a result of our approach.
>
> The current 'SDL Pro Network' members are all either training or
> consultancy organisations, and/or were involved in the development of
> the project.  Katie can see an opportunity for OWASP to become a
> member, but it would be a different type than these - OWASP's
> importance, and significant developer audience, mean it is in a good
> position to encourage the types of practices encouraged in lifecycle
> security.
>
> The question is whether OWASP wants to become a member.  What (costs)
> might that involve?
>
> - referencing the Microsoft SDL / SDL Pro Network from the wiki
>      - perhaps new pages about lifecycle issues, and referencing CLASP, SAMM
>        and a new page about SDL Pro (and maybe others BSIMM, Cigital Software
>        Security Touchpoints???)?
> - allowing OWASP to be mentioned on the SDL Pro Network page as a member?
>      - logo?
>      - link?
>
> At the moment there doesn't seem to be any obligation to contribute
> resources in any way to the SDL effort, but I suspect the Global
> Industry Committee and others would provide feedback on developers'
> experiences and future public drafts and the like.  Would it weaken
> CLASP or SAMM in any way?
>
> OWASP would also need to consider whether its impartiality is in any
> way affected, and also ensure it is not being seen to promote any
> particular vendor.  OWASP materials already reference some vendors'
> free and commercial products e.g.
>
> Threat Risk Modeling
> http://www.owasp.org/index.php/Threat_Risk_Modeling
>
> Does being a member of SDL Pro Network bring other benefits to OWASP?  Perhaps:
>
> - greater awareness?
> - greater acceptance by commercial software development companies?
>
> So we (OWASP) need to have a discussion.  Pravir and Andrew van der
> Stock (Development Guide) would seem to be crucial to this. What are
> people's views here, and how do you think we should proceed?
>
> Regards
>
> Colin Watson
> Global Industry Committee
> http://www.owasp.org/index.php/Global_Industry_Committee


-- 
Regards,
Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule