[Owasp-testing] OpenSAMM/BSIMM in the OWASP Testing Guide v4
christian.heinrich at cmlh.id.au
Thu Sep 27 22:29:19 UTC 2012
On Thu, Sep 27, 2012 at 6:45 PM, Alessandro Gai
<alessandro.gai at mediaservice.net> wrote:
> Yes, maybe SAMM is out of scope. I don't want to substitute the testing
> framework with SAMM, but I think that it could be useful to have in this part a
> focus (executive summary's depth) on a "larger" Secure SDLC framework
> (SAMM / BSIMM / ...) (SAMM is the most related with OWASP, right?).
> And sure we have to insert something about the touchpoint (starting from
> your post?)
I have split this thread off due to its relevance to OpenSAMM and BSIMM.
OpenSAMM and BSIMM are both related to http://www.sei.cmu.edu/cmmi/
and I have CCed the OpenSAMM OWASP Mailing List and BCC Gary McGraw,
Brian Chess and Sammy Migues (the authors of BSIMM) for their
I would prefer not to make a recommendation for either BSIMM or
OpenSAMM, as I would consider that to be a conflict of interest, but I
have published an objective view of their slight differences within
http://www.slideshare.net/cmlh/bsammbo which has been reviewed by both
BSIMM and OpenSAMM.
Both OpenSAMM and BSIMM have no direct relationship to the SDL, aside
from attempting to measure its maturity, and
http://www.microsoft.com/security/sdl/learn/assess.aspx might be more
relevant to your proposal.
However, I believe that OpenSAMM, BSIMM and/or the SDL Development
Model would be made as a recommendation within the report based on the
OWASP Testing Guide.