[Owasp-leaders] [SAMM] Mapping OWASP projects on OpenSAMM practices
seba at owasp.org
Fri Jun 28 13:12:46 UTC 2013
It makes sense to indeed extend the current mapping with incubator and
non-owasp open source projects.
I will add this to the project 'to-do' list.
On Mon, Jun 24, 2013 at 4:12 PM, Colin Watson <colin.watson at owasp.org> wrote:
> This is a very useful document, and at some point it should be shared
> with the Leaders list - it highlights the large bias towards testing
> tools and educational materials. Perhaps OWASP needs to call for
> projects to fill in the gaps?
> 1) Perhaps there are some incubator projects which ought to be labs,
> and that would allow us to add them into the matrix. Cheat Sheet
> series stands out, but there are probably others. Should we identify
> suitable incubator projects and encourage them to progress up to labs
> projects? My own OWASP Cornucopia could fit TA2 and SR2.
> 2) What about non-project things like the Appsec Guide for CISOs
> (probably a SM2 and SM3)?
> 3) Should CLASP be mentioned?
> 4) Perhaps we need to fill the gaps with non-OWASP references too?
> On 23 June 2013 19:21, Seba <seba at owasp.org> wrote:
> > Dear,
> > One of the OpenSAMM v1.1 improvements is better integration of OpenSAMM with
> > the other OWASP projects.
> > With this in mind I have started a mapping of the OWASP Flagship and Labs
> > projects to the SAMM practices.
> > A first draft of this mapping is available for your review on:
> > Some thoughts:
> > Most of the projects can easily be mapped on a specific SAMM Practice and
> > Level.
> > Other projects map on several SAMM Practices.
> > There are some projects that do not map on any SAMM Practice.
> > Coverage:
> > I have calculated the coverage of SAMM Practices by OWASP projects (see
> > worksheet "Coverage").
> > Some Practices have no or very few projects.
> > I would love to see more action on Threat Assessment & Security
> > in the Construction Practices.
> > The Deployment Practices also need more love and OWASP projects focusing on
> > secure deployment of web applications.
> > We welcome your input as comments on the spreadsheet, on the SAMM mailing
> > list or to me directly (deadline: 7-July-2013).
> > Thank you,
> > Kind regards,
> > Seba
> > _______________________________________________
> > SAMM mailing list
> > SAMM at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/samm