[Owasp-leaders] Mapping OWASP projects on OpenSAMM practices

Seba seba at owasp.org
Sun Jun 23 18:21:57 UTC 2013


Dear,

One of the OpenSAMM v1.1 improvements is better integration of OpenSAMM
with the other OWASP projects.

With this in mind I have started a mapping of the OWASP Flagship and Labs
projects to the SAMM practices.
A first draft of this mapping is available for your review on:
https://docs.google.com/file/d/0B4cY8G2SHaWKNnE0V3lXZk90WWs/edit?usp=sharing

Some thoughts:
Most of the projects can easily be mapped on a specific SAMM Practice and
Level.
Other projects map on several SAMM Practices.
There are some projects that do not map on any SAMM Practice.

Coverage:
I have calculated the coverage of SAMM Practices by OWASP projects (see 2nd
worksheet "Coverage").
Some Practices have no projects or very few.
I would love to see more action on Threat Assessment & Security
Requirements in the Construction Practices.
The Deployment Practices also need more love and OWASP projects focusing on
secure deployment of web applications.

We welcome your input as comments on the spreadsheet, on the SAMM mailing
list or to me directly (deadline: 7-July-2013).

Thank you,

Kind regards,

Seba