[Owasp-leaders] SecDevOps Risk Workflow Book (please help with your feedback)

Dinis Cruz dinis.cruz at owasp.org
Sat Oct 29 11:28:06 UTC 2016

Hi Mario, thx for the nice works and it's good to see that you're also
using JIRA that way.

On the resolutions I usually have 4 (which match yours): Unresolved, Risk
Accepted, Fixed and Done

Here is a chart from a live project:

Mario, I've added this issue to track this topic: Add section on 'JIRA Risk

Andre, I added your earlier question to Expand on 'should AppSec
Requirements be listed on its own Epic?'
<https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues/123>,
since it is a good topic to cover.



On 29 October 2016 at 05:25, Mario Robles OWASP <mario.robles at owasp.org> wrote:

> Hi Dinis,
> Great work, it’s very nice to see your Jira workflow very similar to the
> one I’ve been working on. One thing that I would suggest is including
> custom “resolutions” consistent with the status in the kanban so you can add
> the Resolution field in the Screen used for closing the issues:
> This will help with reporting and dashboarding your data
> Again, great work
> Mario
> On Oct 28, 2016, at 17:01, Dinis Cruz <dinis.cruz at owasp.org> wrote:
> Hi fellow OWASP leaders and friends, over the past 4 years I made the move
> from 'breaking apps' into becoming a real Developer, an AppSec Trainer and
> creating multiple AppSec teams (protecting large companies from real
> attacks and helping developers to write secure code)
> To try to capture my experiences, to help a wider audience and to get some
> feedback, I've been creating a book on leanpub <http://www.leanpub.com/>
> called *SecDevOps Risk Workflow* which I would really appreciate if you
> could check it out.
> You can get it for free at https://leanpub.com/secdevops
> Note that when you get the book from Leanpub, you will also get all future
> updates (which I'm releasing regularly
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/tags>).
> Here is the current book introduction:
> *This is a book about making developers more productive, embedding
> security practices into the SDL and ensuring that security risks are
> accepted and understood.*
> *The focus is on the Dev part of SecDevOps, and on the challenges of
> creating Security Champions for all DevOps stages.*
> *All content is released under a Creative Commons license (CC BY 3.0) and
> the GitHub repository Book_SecDevOps_Risk_Workflow
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow> contains all
> text and ideas.*
> *This book is based on successful and unsuccessful real world applications
> of these ideas.*
> Any feedback, suggestions or comments will be highly appreciated (please
> open an issue
> <https://github.com/DinisCruz/Book_SecDevOps_Risk_Workflow/issues> for
> them)
> Btw, leanpub <http://www.leanpub.com/> is a great book publishing
> platform, with a great set of values <https://leanpub.com/manifesto>. You
> should definitely try it out to create a book about the area of OWASP you
> are passionate about.
> Thanks for your help,
> Dinis Cruz