[Owasp-leaders] Reminder OWASP SAMM call tomorrow - Re: For public feedback - OWASP SAMMv2 alpha release

Seba seba at owasp.org
Tue Apr 10 17:24:05 UTC 2018


hi,

reminder, we have our OWASP SAMM call tomorrow to discuss the new SAMMv2
release and the SAMM working sessions at the summit

You are welcome to join us!

We have our monthly SAMM call tomorrow at 21h30 CEST / 3:30pm EST.

Please join us at https://global.gotomeeting.com/join/262891661

You can also dial in using your phone.

Access Code: 262-891-661

Austria: +43 7 2088 1403
Belgium: +32 28 08 4294
Canada: +1 (647) 497-9351
Denmark: +45 69 91 88 64
Finland: +358 942 41 5780
France: +33 170 950 592
Germany: +49 692 5736 7312
Ireland: +353 14 845 978
Italy: +39 0 553 98 95 67
Netherlands: +31 208 080 381
New Zealand: +64 9 909 7888
Norway: +47 21 03 58 98
Spain: +34 955 32 0845
Sweden: +46 852 503 499
Switzerland: +41 435 0167 09
United Kingdom: +44 330 221 0086
United States: +1 (619) 550-0006

First GoToMeeting? Let's do a quick system check:
https://link.gotomeeting.com/system-check

Kind regards

Seba

On Wed, Apr 4, 2018 at 8:35 PM Seba <seba at owasp.org> wrote:

> Hi,
>
>
> After a year of work by the SAMMv2 team, we now release the alpha version
> of our new SAMMv2 framework.
>
> Our objective is to update the SAMM framework taking into account the
> following improvements:
>
> 1) clean out inconsistencies from the previous release;
>
> 2) a more logical flow of maturity levels of the security activities as
> part of the SAMM practices;
>
> 3) take into account agile software development and DevOps practices;
>
> 4) decrease the number of "audit or quality gate" activities in the
> previous framework.
>
> A core team - with the help of many volunteers - has worked on the new
> framework since the last OWASP summit in June 2017.
>
> During that summit, we lay the foundations of version 2.0.
>
> We then added more details to the draft version with a SAMM summit in
> Reykjavik and extra online conference calls throughout 2017 and the last
> months.
>
> The major changes are:
>
> 1) The addition of a new business function "Implementation", covering 3
> security practices: Secure Build, Secure Deployment and Defect Management.
>
> 2) The introduction of 2 "Activity Streams" per security practice (this
> replaces the A and B activities which did not have a logical relation in
> the previous release). Each activity stream consists of 3 security
> activities (increasing in maturity level).
>
> The current draft framework is created in a spreadsheet as this provides a
> better overview.
>
> The final framework will be released in yaml format, with an updated
> toolbox and document.
>
> We now release the draft version for feedback, available here:
>
> OneDrive: https://1drv.ms/x/s!Ag3u_YTLhehYgaNki2Voe0t-6UaGbw
>
> GitHub:
> https://github.com/OWASP/samm/blob/master/v2.0/alpha/SAMM-Model-v2.00%20alpha%20release.xlsx
>
> We invite you to read the new framework and welcome all your feedback
> (questions, remarks, update suggestions or typos)!
>
> You can share your feedback:
>
>    -
>
>    in our SAMM mailing list: https://lists.owasp.org/mailman/listinfo/samm
>    -
>
>    in our SAMM Slack channel: https://owasp.slack.com/messages/C0VF1EJGH
>    -
>
>    (preferred) through a feedback form:
>    https://goo.gl/forms/c5fYJIgzxV7DRmdE2
>    -
>
>    during our next SAMM project call on 11-April-2018
>
>
> We will take into account all the feedback received by 19-April-2018.
>
>
> Thank you!
>
>
> Kind regards,
>
>
> the SAMM team
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180410/abb48cd0/attachment.html>


More information about the OWASP-Leaders mailing list