[Owasp-leaders] SecDevOps Risk Workflow Book (please help with your feedback)

Mario Robles OWASP mario.robles at owasp.org
Sat Oct 29 04:25:30 UTC 2016


Hi Dinis,

Great work. It’s very nice to see that your Jira workflow is very similar to the one I’ve been working on. One thing that I would suggest is including custom “resolutions” consistent with the status in the kanban, so you can add the Resolution field to the Screen used for closing the issues:


This will help with reporting and dashboarding your data.

Again, great work

Mario

> On Oct 28, 2016, at 17:01, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> 
> Hi fellow OWASP leaders and friends, over the past 4 years I made the move from 'breaking apps' into becoming a real Developer, an AppSec Trainer and creating multiple AppSec teams (protecting large companies from real attacks and helping developers to write secure code).
> 
> To try to capture my experiences, to help a wider audience and to get some feedback, I've been creating a book on leanpub <http://www.leanpub.com/> called SecDevOps Risk Workflow, which I would really appreciate if you could check out.
> 
> You can get it for free at <https://leanpub.com/secdevops>
> 
> Note that when you get the book from Leanpub, you will also get all future updates (which I'm releasing regularly <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/tags>).
> 
> Here is the current book introduction:
> 
> This is a book about making developers more productive, embedding security practices into the SDL and ensuring that security risks are accepted and understood.
> 
> The focus is on the Dev part of SecDevOps, and on the challenges of creating Security Champions for all DevOps stages.
> 
> All content is released under a Creative Commons license (CC BY 3.0) and the GitHub repository Book_SecDevOps_Risk_Workflow <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow> contains all text and ideas.
> 
> This book is based on successful and unsuccessful real world applications of these ideas.
> 
> Any feedback, suggestions or comments will be highly appreciated (please open an issue <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues> for them).
> 
> Btw, leanpub <http://www.leanpub.com/> is a great book publishing platform, with a great set of values <https://leanpub.com/manifesto>. You should definitely try it out to create a book about the area of OWASP you are passionate about.
> 
> Thanks for your help,
> 
> Dinis Cruz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-7.png
Type: image/png
Size: 38358 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161028/ad914ad7/attachment-0001.png>