[Owasp-leaders] SecDevOps Risk Workflow Book (please help with your feedback)

Andre Gironda andreg+owasp at gmail.com
Fri Oct 28 23:18:26 UTC 2016


On Fri, Oct 28, 2016 at 4:01 PM, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Hi fellow OWASP leaders and friends, over the past 4 years I made the move
> from 'breaking apps' into becoming a real Developer, an AppSec Trainer and
> creating multiple AppSec teams (protecting large companies from real
> attacks and helping developers to write secure code)
>

Yeah, I checked it out the other day, it seems very nice. Good work!


> Here is the current book introduction:
>
> *This is a book about making developers more productive, embedding
> security practices into the SDL and ensuring that security risks are
> accepted and understood.*
> *The focus is on the Dev part of SecDevOps, and on the challenges of
> creating Security Champions for all DevOps stages.*
> *This book is based on successful and unsuccessful real world applications
> of these ideas.*
>
> Any feedback, suggestions or comments will be highly appreciated (please
> open an issue
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues> for
> them)
>
> Btw, leanpub <http://www.leanpub.com/> is a great book publishing
> platform, with a great set of values <https://leanpub.com/manifesto>. You
> should definitely try it out to create a book about the area of OWASP you
> are passionate about.
>

Really enjoy the parts on JIRA -- I liked the parts about making Risk a
separate project but what if appsec requirements/documentation are listed
in its own Epic instead? Ok, I'll submit an issue or whatever, maybe over
the weekend. Just wanted to say that it looks useful and I'm excited to see
more.

Thank you,
Andre