[Global_industry_committee] OWASP and the SDL Pro Network

Christian Heinrich christian.heinrich at owasp.org
Sun Aug 29 23:53:30 EDT 2010


Colin,

I believe this should be reconsidered in light of
http://blogs.msdn.com/b/sdl/archive/2010/08/26/microsoft-sdl-and-the-creative-commons.aspx
but please let me know your thoughts?

On Sat, Nov 21, 2009 at 3:02 AM, Colin Watson <colin.watson at owasp.org> wrote:
> Hello Katie
>
> Sorry for the delay, but I had extended my trip in the US after the
> conference and only arrived back on Tuesday, and have been trying to
> catch up.
>
> The discussion has been useful and raised the need to provide more
> information on security lifecycle, even though that is already one of
> the categorisations of OWASP's projects.  There is of course
> willingness to highlight all the good approaches out there, including
> MS SDL, so I think we will be seeing that happen.
>
> Note this is in the same way that MS Threat Modelling is already
> discussed/referenced in the OWASP wiki.  Oh, and did you see the link
> to MS Threat Modelling in the new OWASP Top 10 rc1?
>
>  http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf
>
> Comments are open on that until 31 December 2009.
>
> But back to the SDL Pro Network... at the moment the feeling is that
> OWASP cannot commit to becoming a member of the Pro Network but of
> course would be willing to provide input or assist with its
> development where suitable opportunities, and available resources,
> arise.  If you can see any opportunities, please let us know.   But
> let's see how the aspect of secure lifecycle develops e.g. the OWASP
> development guide is about to be updated - I'll keep you informed.
>
> Thank you for taking the time to discuss this opportunity with us, and
> I hope we are able to meet you some time.


-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking


More information about the Global_industry_committee mailing list