[OWASP ASVS] ASVS 2.0: Volunteers to develop case studies

Krishna Raja kraja.lists at gmail.com
Tue Feb 12 22:14:54 UTC 2013

Greetings everyone!

As you may know, work is underway on the latest release of ASVS.  A roadmap
has been released, Andrew has made some excellent edits and added useful
content that will serve as a baseline for our next version, and has also
volunteered to take leadership of content updates for the next release.

As part of our roadmap, we are hoping to include some documented case
studies of successful usage/implementation of ASVS in the industry.  Has
anyone experienced such success, or have any of your clients?  If so, would
you be interested in putting together a case study?  Benefits include:

   - The opportunity to contribute to the project in a way that leaves your
   unique imprint, based on your personal experience in the case study.
   - The development of this material could potentially serve as grounds
   for presentation material at OWASP conferences or chapter meetings.
   - The positive exposure to you and/or your client's organization from
   telling this success story.

Some of the information we'd typically look to collect within a case study

   - A profile of the target organization;
   - The target organization's security landscape prior to ASVS
   implementation (e.g. what policies were already in place, what prompted the
   need for ASVS, etc.);
   - The roadmap or strategy for implementing ASVS (e.g. who was involved,
   how many people, which ASVS level(s) were achieved, how long it took to
   achieve them, challenges, etc.)
   - The resulting effect on the target organization's security posture.

Do we have any takers for ASVS case studies?  Please do reach out to me.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-application-security-verification-standard/attachments/20130212/f26d6b60/attachment.html>

More information about the Owasp-application-security-verification-standard mailing list