[Global_industry_committee] OWASP and the SDL Pro Network

Colin Watson colin.watson at owasp.org
Wed Sep 1 16:32:35 EDT 2010


Yes, that's very encouraging.

At the time there seemed to be a need for OWASP to sign up to some
legal conditions and requirements to do certain things.

We could probably do with a general wiki page (or two!) about secure
development lifecycles, which could list and discuss the various
models?  Maybe it's something that's going into the development guide?


On 30 August 2010 04:53, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> Colin,
> I believe this should be reconsidered in light of
> http://blogs.msdn.com/b/sdl/archive/2010/08/26/microsoft-sdl-and-the-creative-commons.aspx
> but please let me know your thoughts?
> On Sat, Nov 21, 2009 at 3:02 AM, Colin Watson <colin.watson at owasp.org> wrote:
>> Hello Katie
>> Sorry for the delay, but I had extended my trip in the US after the
>> conference and only arrived back on Tuesday, and have been trying to
>> catch up.
>> The discussion has been useful and raised the need to provide more
>> information on security lifecycle, even though that is already one of
>> the categorisations of OWASP's projects.  There is of course
>> willingness to highlight all the good approaches out there, including
>> MS SDL, so I think we will be seeing that happen.
>> Note this is in the same way that MS Threat Modelling is already
>> discussed/referenced in the OWASP wiki.  Oh, and did you see the link
>> to MS Threat Modelling in the new OWASP Top 10 rc1?
>>  http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf
>> Comments are open on that until 31 December 2009.
>> But back to the SDL Pro Network... at the moment the feeling is that
>> OWASP cannot commit to becoming a member of the Pro Network but of
>> course would be willing to provide input or assist with its
>> development where suitable opportunities, and available resources,
>> arise.  If you can see any opportunities, please let us know.   But
>> let's see how the aspect of secure lifecycle develops e.g. the OWASP
>> development guide is about to be updated - I'll keep you informed.
>> Thank you for taking the time to discuss this opportunity with us, and
>> I hope we are able to meet you some time.
> --
> Regards,
> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
