[Owasp-webcert] Metrion 2.0 Slides

Mark Curphey mark at curphey.com
Thu Aug 9 05:44:20 EDT 2007


Brilliant stuff. I know Chris is on the list. 

 

What I REALLY like is the ability to put tangible numbers to things and
provide confidence levels. 

 

My question is do you think this could be applied to a scheme like the one I
am proposing (i.e. from what I can see from the slides there is a lot of
work to calculate this) ?

 

From: owasp-webcert-bounces at lists.owasp.org
[mailto:owasp-webcert-bounces at lists.owasp.org] On Behalf Of Bellis, Ed
Sent: Wednesday, August 08, 2007 8:49 PM
To: owasp-webcert at lists.owasp.org
Subject: Re: [Owasp-webcert] Metrion 2.0 Slides

 

And here's Wysopal's slides:

 

"Software Security Weakness Scoring" 
Chris Wysopal (Veracode) Slides
<https://securitymetrics.org/content/attach/Metricon2.0/Wysopal-metricon2.0-
software-weakness-scoring.ppt> 

 

Very appropriate for this list.

 

-Ed

 

 

  _____  

From: owasp-webcert-bounces at lists.owasp.org
[mailto:owasp-webcert-bounces at lists.owasp.org] On Behalf Of Mark Curphey
Sent: Wednesday, August 08, 2007 9:22 AM
To: owasp-webcert at lists.owasp.org
Subject: [Owasp-webcert] Metrion 2.0 Slides

 

I am waiting on Wysopals slides to be posted but these have some great stuff
in. 

 

"Security Metrics in Practice: Development of a Security Metric System to
Rate Enterprise Software" 
Fredrick DeQuan Lee and Brian Chess (Fortify) Slides
<https://securitymetrics.org/content/attach/Metricon2.0/Lee_metricon20070807
.ppt> http://www.securitymetrics.org/content/images/out.png 

"A Software Security Risk Classification System" 
Eric Dalci and Robert Hines (Cigital) Slides
<https://securitymetrics.org/content/attach/Metricon2.0/Metricon_edalci_rhin
es_Final.pdf> http://www.securitymetrics.org/content/images/out.png

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-webcert/attachments/20070809/1d4dfb6a/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 936 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-webcert/attachments/20070809/1d4dfb6a/attachment.gif 


More information about the Owasp-webcert mailing list