[Owasp-leaders] Question on ISACA

Colin Watson colin.watson at owasp.org
Thu Nov 5 03:52:45 EST 2009


Some guidance in this area would be beneficial.  I think information
system auditors would welcome anything that helps them perform work
relating to application security.  But I think anything in this area
might have to fit with or map to things they are already familiar with
such as ISACA COBIT and FISCAM (and the ones Jeff has mentioned).  It
might also turn a whole group of auditors into OWASP evangelists (in
case we need some more!).

Building on OWASP life cycle projects, such as SAMM, might be the best
way forward.  As Pravir says, there is already an initial audit
framework there.

Colin


More information about the OWASP-Leaders mailing list