[Owasp-testing] OpenSAMM/BSIMM in the OWASP Testing Guide v4

Christian Heinrich christian.heinrich at cmlh.id.au
Thu Sep 27 22:29:19 UTC 2012


Alessandro,

On Thu, Sep 27, 2012 at 6:45 PM, Alessandro Gai
<alessandro.gai at mediaservice.net> wrote:
> Yes, maybe SAMM is out of scope. I don't want to substitute the testing
> framework with SAMM, but I think that it could be useful to have in this part a
> focus (executive summary's depth) on a "larger" Secure SDLC framework
> (SAMM / BSIMM / ...) (SAMM is the most related with OWASP, right?).
> And sure we have to insert something about the touchpoints (starting from
> your post?)

I have split this thread off due to its relevance to OpenSAMM and BSIMM.

OpenSAMM and BSIMM are both related to http://www.sei.cmu.edu/cmmi/
and I have CCed the OpenSAMM OWASP Mailing List and BCCed Gary McGraw,
Brian Chess and Sammy Migues (the authors of BSIMM) for their
respective comments.

I would prefer not to make a recommendation for either BSIMM or
OpenSAMM, as I would consider that to be a conflict of interest, but I
have published an objective view of their slight differences within
http://www.slideshare.net/cmlh/bsammbo, which has been reviewed by both
BSIMM and OpenSAMM.

Both OpenSAMM and BSIMM have no direct relationship to the SDL, aside
from attempting to measure its maturity, and
http://www.microsoft.com/security/sdl/learn/assess.aspx might be more
relevant to your proposal.

However, I believe that OpenSAMM, BSIMM and/or the SDL Development
Model would be made as a recommendation within the report based on the
OWASP Testing Guide.


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact