[Owasp-leaders] OpenSAMM Summit Outcome - notes

Seba seba at owasp.org
Mon Apr 6 04:56:33 UTC 2015


Last week we had our first OpenSAMM Summit in Dublin on 27-28 March.

Full agenda for the User and Project Day are available here:


We had about 30 people gathering on the User day, with presentations (now
available online (linked in the agenda page), a short OpenSAMM training
(slides also available) and 2 great round tables to discuss OpenSAMM

On Friday evening most attendees came together in the centre of Dublin for
the social event in the Cocktail / Winter Garden at Fade Street Social.
Great food and lots of Guinness!

The Project day on Saturday was packed with constructive discussions and
decisions on the content and release of v1.1 of OpenSAMM and the evolution
of the tooling & guidance to support is. More details on the OpenSAMM
Benchmark initiative - which was announce during the User day – were
presented and debated together with a timeline for the release of the first
data set (expect this by September 2015).

The User day meeting notes – together with the list of actions – are
available here:


The final release of OpenSAMM v1.1 will be done in the coming weeks. The
core model will be split of the full document. Some nomenclature changes
were decided to better cover the underlying OpenSAMM security activities.
The how-to, templates, toolbox and quick-start guide will be released
separately and will have their own versioning. The existing mappings from
other frameworks will also be updated and now includes a mapping on PCI DSS

Overall feedback scores from the survey on the summit were great. Overall
score was 93.3 % ! Detailed scores and lessons learned have been captured


I want to thank all participants, my project co-leaders and the supporting
sponsors for making this summit a big success!

I will finish with the following quote: *"The SAMM summit provided an
opportunity to breathe new life into a framework that I use to facilitate
my day-to-day work and support my customers."* Bruce C Jenkins, Fortify
Security Lead, Hewlett-Packard Company

Stay tuned for the release of OpenSAMM v1.1 and hope to see you at one of
our next OpenSAMM summits!

Kind regards,


OpenSAMM project team

Also published online here -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150406/5aee08c1/attachment.html>

More information about the OWASP-Leaders mailing list