[SAMM] OWASP SAMM - project reboot and change of leadership

Ian gorrie at gmail.com
Sun Jan 27 20:17:40 UTC 2013


Great to see.  I thought that I responded a couple of times, but I don't
see it in the archives.  Perhaps I didn't spam the list with my 'me too'
reply ;)

As someone who has endeavored to and advocated the use of OpenSAMM in a
variety of consulting engagements to establish or improve infosec/appsec
programs, I would humbly suggest that efforts be focused in some small
part to curating and encouraging tools (or showing how tools could be
used) as quality gates in the OpenSAMM model.

Advocacy is great and all, but our whole industry has a severe problem
with creating useful open process that could be dropped in at various
stages to encourage people to do their jobs better.  Usually, I find, no
one has a vested interest to do so, but rather, they tie it up in a
proprietary offering of product and/or service.

In my experience, this isn't the way to see good process made; it needs
to be driven internally and not with paywalled compliance standards,
certifications, WAF appliances, periodic appscans, point-in-time code
audits or any of the like.

Cheers,

-i

On 1/27/2013 11:28 AM, Seba wrote:
>
> Hi,
>
> During the last month I have exchanged emails/calls with Pravir,
> Samantha and lots of other people who have supported SAMM in the past.
>
> SAMM
> (https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model)
> is an important OWASP project and needs an active project team to push
> it to the next level and maintain it in the future.
>
>
> I will take over the OWASP SAMM project leadership for 2013 with as
> main objectives:
>
> 1) build a list of (reference) organisations that use SAMM
>
> 2) create a SAMM user group to exchange experience and organise user
> group workshops/summits at the major OWASP conferences
>
> 3) build SAMM v1.1 or v2.0, based on gathered input on the SAMM
> mailing list, project participants and the SAMM user group meetings,
>
> This would include linking in other OWASP projects (see
> https://www.owasp.org/images/8/8f/Setting_up_a_Secure_Development_Life_Cycle_with_OWASP_-_Seba_Deleersnyder.pptx)
> and integrating the material that has been published on
> www.opensamm.org since the first version of
> SAMM.
>
>
> Together with Pravir and Samantha we agreed on a project leadership
> transfer.
>
> Pravir will stay on as co-lead. Other co-leaders will be Kuai Hinojosa
> and Bart De Win.
>
> Colin Watson also indicated to want to participate in the project.
>
>
> I will set up a doodle for a kick-off gotomeeting call in the coming
> weeks.
>
> Looking at the interest shown last November:
> http://lists.owasp.org/pipermail/samm/2012-November/thread.html I hope
> to have your active participation as project co-lead, contributor or
> reviewer in the coming year!
>
>
> Kind regards,
>
> Seba
>
> seba at owasp.org
>
>
>
> _______________________________________________
> SAMM mailing list
> SAMM at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/samm
