<div dir="ltr">hi,<div><br></div><div>reminder, we have our OWASP SAMM call tomorrow to discuss the new SAMMv2 release and the SAMM working sessions at the summit</div><div><br></div><div>You are welcome to join us!</div><div><br></div><div><div>We have our monthly SAMM call tomorrow at 21h30 CEST / 3:30pm EST.</div><div><br></div><div>Please join us at <a href="https://global.gotomeeting.com/join/262891661">https://global.gotomeeting.com/join/262891661</a></div><div><br></div><div>You can also dial in using your phone. </div><div><br></div><div>Access Code: 262-891-661 </div><div><br></div><div>Austria: +43 7 2088 1403 </div><div>Belgium: +32 28 08 4294 </div><div>Canada: +1 (647) 497-9351 </div><div>Denmark: +45 69 91 88 64 </div><div>Finland: +358 942 41 5780 </div><div>France: +33 170 950 592 </div><div>Germany: +49 692 5736 7312 </div><div>Ireland: +353 14 845 978 </div><div>Italy: +39 0 553 98 95 67 </div><div>Netherlands: +31 208 080 381 </div><div>New Zealand: +64 9 909 7888 </div><div>Norway: +47 21 03 58 98 </div><div>Spain: +34 955 32 0845 </div><div>Sweden: +46 852 503 499 </div><div>Switzerland: +41 435 0167 09 </div><div>United Kingdom: +44 330 221 0086 </div><div>United States: +1 (619) 550-0006 </div><div><br></div><div>First GoToMeeting? 
Let's do a quick system check: <a href="https://link.gotomeeting.com/system-check">https://link.gotomeeting.com/system-check</a> </div><div><br></div><div>Kind regards</div><div><br></div><div>Seba</div><br><div class="gmail_quote"><div dir="ltr">On Wed, Apr 4, 2018 at 8:35 PM Seba <<a href="mailto:seba@owasp.org">seba@owasp.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span id="m_-2428398744809448554inbox-inbox-docs-internal-guid-9f6ec128-91eb-d81b-b940-b8c940789487"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Hi,</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">After a year of work by the SAMMv2 team, we now release the alpha version of our new SAMMv2 framework.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Our objective is to update the SAMM framework taking into account the following improvements:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">1) clean out inconsistencies from the previous release;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">2) a more logical flow of maturity levels of the security activities as part of the SAMM practices;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">3) take into account </span><span style="font-family:Arial;font-size:14.6667px;white-space:pre-wrap">agile </span><span style="background-color:transparent;font-family:Arial;font-size:11pt;white-space:pre-wrap">software development and DevOps practices;</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">4) decrease the number of "audit or quality gate" activities in the previous framework.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">A core team - with the help of many volunteers - has worked on the new framework since the last OWASP summit in June 2017.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">During that summit, we laid the foundations of version 2.0. </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We then added more details to the draft version with a SAMM summit in Reykjavik and extra online conference calls throughout 2017 and the last months.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The major changes are:</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">1) The addition of a new business function "Implementation", covering 3 security practices: Secure Build, Secure Deployment and Defect Management.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">2) The introduction of 2 "Activity Streams" per security practice (this replaces the A and B activities which did not have a logical relation in the previous release). 
Each activity stream consists of 3 security activities (increasing in maturity level).</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The current draft framework is created in a spreadsheet as this provides a better overview.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">The final framework will be released in yaml format, with an updated toolbox and document.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We now release the draft version for feedback, available here: </span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">OneDrive: <a href="https://1drv.ms/x/s!Ag3u_YTLhehYgaNki2Voe0t-6UaGbw" target="_blank">https://1drv.ms/x/s!Ag3u_YTLhehYgaNki2Voe0t-6UaGbw</a></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">GitHub: <a href="https://github.com/OWASP/samm/blob/master/v2.0/alpha/SAMM-Model-v2.00%20alpha%20release.xlsx" 
target="_blank">https://github.com/OWASP/samm/blob/master/v2.0/alpha/SAMM-Model-v2.00%20alpha%20release.xlsx</a></span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We invite you to read the new framework and welcome all your feedback (questions, remarks, </span><span style="font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">update suggestions or typos)</span><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">!</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">You can share your feedback:</span></p><ul style="margin-top:0pt;margin-bottom:0pt"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">in our SAMM mailing list: <a href="https://lists.owasp.org/mailman/listinfo/samm" target="_blank">https://lists.owasp.org/mailman/listinfo/samm</a></span></p></li><li dir="ltr" 
style="list-style-type:disc;font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">in our SAMM Slack channel: <a href="https://owasp.slack.com/messages/C0VF1EJGH" target="_blank">https://owasp.slack.com/messages/C0VF1EJGH</a></span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">(preferred) through a feedback form: <a href="https://goo.gl/forms/c5fYJIgzxV7DRmdE2" target="_blank">https://goo.gl/forms/c5fYJIgzxV7DRmdE2</a></span></p></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">during our next SAMM project call on 11-April-2018</span></p></li></ul><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">We will take into account all the feedback 
received by 19-April-2018.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Thank you!</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap">Kind regards,</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><font face="Arial"><span style="font-size:14.6667px;white-space:pre-wrap">the SAMM team</span></font></p><br><br><br><br><br><br><br><br><br></span></div></blockquote></div></div></div>