[Owasp-leaders] ISO/IEC 27034
jason.alexander at owasp.org
Sat Aug 17 14:40:37 UTC 2013
Shame the standard is not released under an open source license. I have
access to it through work and it's a good document.
On 16 Aug 2013 04:34, "Jonathan Marcil" <jonathan.marcil at owasp.org> wrote:
> Hi OWASP Leaders,
> The current email is to let you know that I have been invited to
> represent OWASP at an ISO/IEC 27034 (Information technology — Security
> techniques — Application security) meeting by Luc Poulin the main
> project editor. It is held this week at Microsoft office in Montreal.
> Basically I'm here to contribute to the discussion with practical
> application security knowledge and OWASP projects. I'm, of course, just
> really speaking "about OWASP" and not "for OWASP".
> We are also planning to propose some new OWASP projects, and especially
> one that will create Application Security Controls (ASCs) as described
> in the standard from OWASP Top 10 entries and other projects.
> The ASCs in 27034 are actually made in an XML format and are not only
> documentation but a normalized representation of an application security
> control, so the mapping is rather different that was done with OpenSAMM
> on http://www.opensamm.org/2012/04/mapping-samm-to-isoiec-27034/.
> You can find more details about the standard at :
> If anyone is interested on the subject, feel free to reply to this
> email. We haven't even started the process to create the new projects
> but will welcome any help.
> - Jonathan Marcil
> OWASP Montreal Chapter Leader
> jonathan.marcil at owasp.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders