[Owasp-leaders] [SAMM] Mapping OWASP projects on OpenSAMM practices

Jason Johnson jason.johnson at owasp.org
Mon Jun 24 14:14:43 UTC 2013


I wonder if we can use the Hive project for some of these. Like a staging
or test environment?

Jason Johnson
OWASP
Oklahoma City, OK
On Jun 24, 2013 9:13 AM, "Colin Watson" <colin.watson at owasp.org> wrote:

> Seba
>
> This is a very useful document, and at some point it should be shared
> with the Leaders list - it highlights the large bias towards testing
> tools and educational materials. Perhaps OWASP needs to call for
> projects to fill in the gaps?
>
> 1) Perhaps there are some incubator projects which ought to be labs,
> and that would allow us to add them into the matrix. Cheat Sheet
> series stands out, but there are probably others. Should we identify
> suitable incubator projects and encourage them to progress up to labs
> projects? My own OWASP Cornucopia could fit TA2 and SR2.
>
> 2) What about non-project things like the Appsec Guide for CISOs
> (probably a SM2 and SM3)?
>
> 3) Should CLASP be mentioned?
>
> 4) Perhaps we need to fill the gaps with non-OWASP references too?
>
> Colin
>
>
> On 23 June 2013 19:21, Seba <seba at owasp.org> wrote:
> > Dear,
> >
> > One of the OpenSAMM v1.1 improvements is better integration of OpenSAMM
> > with the other OWASP projects.
> >
> > With this in mind I have started a mapping of the OWASP Flagship and Labs
> > projects to the SAMM practices.
> > A first draft of this mapping is available for your review on:
> >
> > https://docs.google.com/file/d/0B4cY8G2SHaWKNnE0V3lXZk90WWs/edit?usp=sharing
> >
> > Some thoughts:
> > Most of the projects can easily be mapped on a specific SAMM Practice and
> > Level.
> > Other projects map on several SAMM Practices.
> > There are some projects that do not map on any SAMM Practice.
> >
> > Coverage:
> > I have calculated the coverage of SAMM Practices by OWASP projects (see
> > 2nd worksheet "Coverage").
> > Some Practices have none or very few projects.
> > I would love to see more action on Threat Assessment & Security
> > Requirements in the Construction Practices.
> > The Deployment Practices also need more love and OWASP projects focusing
> > on secure deployment of web applications.
> >
> > We welcome your input as comments on the spreadsheet, on the SAMM mailing
> > list or to me directly (deadline: 7-July-2013).
> >
> > Thank you,
> >
> > Kind regards,
> >
> > Seba
> >