[Owasp-leaders] ISO JTC1/SC27

Andrew Muller andrew.muller at owasp.org
Tue Jan 8 11:58:26 UTC 2013

Hi David,
  I too sit on an ISO JTC1/SC27 working group, but in Australia (IT-012-04).
The standard most applicable to OWASP is ISO/IEC 27034 (application
security) to be released in six parts with the first part released last
year. The remaining five are all in draft at the moment. To date its
development has been driven by Microsoft so the content reflects the MS
SDL. The OpenSAMM project has done some mapping between OpenSAMM and 27034 (

There have also been various attempts to develop penetration testing
standards but most relate to Common Criteria review rather than testing in
contexts with which we are familiar. The most recent attempt I've been
working on is ISO/IEC 29119 (software testing) which is being developed by
ISO JTC1/SC7, ensuring that security testing is included within the broader
testing process.

I wish you all the best in your standards job, especially when the deluge
of document reviews hits :)


On Tue, Jan 8, 2013 at 10:33 PM, David Montero <david.montero at owasp.org> wrote:

> Hi leaders,
> OWASP Andalucia has been accepted as a member of ISO JTC1/SC27 in Spain. We
> will collaborate in the creation of new technical standards for the ISO 27000
> family.
> Best regards,
> --
> David Montero "Raistlin"
> OWASP Andalucia
> Presidente
> Twitter: @owasp_andalucia
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders