[Owasp-leaders] ISO/IEC 27034

Jonathan Marcil jonathan.marcil at owasp.org
Thu Aug 15 02:00:19 UTC 2013

Hi OWASP Leaders,

The current email is to let you know that I have been invited to
represent OWASP at an ISO/IEC 27034 (Information technology — Security
techniques — Application security) meeting by Luc Poulin the main
project editor. It is held this week at Microsoft office in Montreal.

Basically I'm here to contribute to the discussion with practical
application security knowledge and OWASP projects. I'm, of course, just
really speaking "about OWASP" and not "for OWASP".

We are also planning to propose some new OWASP projects, and especially
one that will create Application Security Controls (ASCs) as described
in the standard from OWASP Top 10 entries and other projects.

The ASCs in 27034 are actually made in an XML format and are not only
documentation but a normalized representation of an application security
control, so the mapping is rather different that was done with OpenSAMM
on http://www.opensamm.org/2012/04/mapping-samm-to-isoiec-27034/.

You can find more details about the standard at :

If anyone is interested on the subject, feel free to reply to this
email. We haven't even started the process to create the new projects
but will welcome any help.


 - Jonathan Marcil
   OWASP Montreal Chapter Leader
   jonathan.marcil at owasp.org

More information about the OWASP-Leaders mailing list