[Owasp-leaders] SecDevOps Risk Workflow Book (please help with your feedback)

Dinis Cruz dinis.cruz at owasp.org
Sat Oct 29 11:28:06 UTC 2016


Hi Mario, thanks for the nice work, and it's good to see that you're also
using JIRA that way.

On the resolutions I usually have 4 (which match yours): Unresolved, Risk
Accepted, Fixed and Done.

Here is a chart from a live project:




Mario, I've added this issue to track this topic: Add section on 'JIRA Risk
Resolutions'
<https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues/122>

Andre, I added your earlier question to Expand on 'should AppSec
Requirements be listed on its own Epic?'
<https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues/123>,
since it is a good topic to cover.

Thanks

Dinis


On 29 October 2016 at 05:25, Mario Robles OWASP <mario.robles at owasp.org>
wrote:

> Hi Dinis,
>
> Great work, it's very nice to see that your Jira workflow is very similar to the
> one I've been working on. One thing that I would suggest is including
> custom "resolutions" consistent with the statuses in the kanban, so you can add
> the Resolution field to the Screen used for closing the issues:
>
> This will help with reporting and dashboarding your data.
>
> Again, great work
>
> Mario
>
>
> On Oct 28, 2016, at 17:01, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
> Hi fellow OWASP leaders and friends, over the past 4 years I made the move
> from 'breaking apps' into becoming a real Developer, an AppSec Trainer and
> creating multiple AppSec teams (protecting large companies from real
> attacks and helping developers to write secure code).
>
> To try to capture my experiences, to help a wider audience and to get some
> feedback, I've been creating a book on leanpub <http://www.leanpub.com/>
> called *SecDevOps Risk Workflow*, which I would really appreciate you
> checking out.
>
> You can get it for free at https://leanpub.com/secdevops
>
> Note that when you get the book from Leanpub, you will also get all future
> updates (which I'm releasing regularly
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/tags>).
>
> Here is the current book introduction:
>
> *This is a book about making developers more productive, embedding
> security practices into the SDL and ensuring that security risks are
> accepted and understood.*
>
> *The focus is on the Dev part of SecDevOps, and on the challenges of
> creating Security Champions for all DevOps stages.*
>
> *All content is released under a Creative Commons license (CC BY 3.0) and
> the GitHub repository Book_SecDevOps_Risk_Workflow
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow> contains all
> text and ideas.*
>
> *This book is based on successful and unsuccessful real-world applications
> of these ideas.*
>
> Any feedback, suggestions or comments will be highly appreciated (please
> open an issue
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues> for
> them).
>
> Btw, leanpub <http://www.leanpub.com/> is a great book publishing
> platform, with a great set of values <https://leanpub.com/manifesto>. You
> should definitely try it out to create a book about the area of OWASP you
> are passionate about.
>
> Thanks for your help,
>
> Dinis Cruz