[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-wash-dc-va
Subject:    [Owasp-wash_dc_va] Maturity Models
From:       John Steven <John.Steven () owasp ! org>
Date:       2009-04-01 17:25:09
Message-ID: d451daa00904011025n79a9d387wde9261b70bf48b9c () mail ! gmail ! com
[Download RAW message or body]

All,

Julia Allen, a senior researcher over at CERT, did a podcast with
Gary, Brian, and Sammy Migues several weeks ago on the Building
Security In Maturity Model (BSIMM).

You can listen to the results over at
http://www.cert.org/podcast/show/20090331mcgraw.html. They talk a
little about their mindset when they started the BSIMM research and
our goals for the business uses. BSIMM was released under Creative
Commons license and is freely available at http://bsi-mm.com .

You'll remember I sent a Tweet about SAMM (the other tine in this
forked effort) maintained by Pravir Chandra. He did an OWASP Podcast
on SAMM recently--and as a contributing author--I was a bit
disappointed with its rantiness-there's a lot of exceptional
structural/technical bits to SAMM that didn't come out. If you want to
listen to it, it's here:
http://www.owasp.org/download/jmanico/owasp_podcast_14.mp3

I'm intimately familiar with both models and have been helping
companies assess, mature, and/or build their security group since
about 2003. Is there chapter interest in a TECHNICAL comparison for
one meeting?

-jOHN
_______________________________________________
Owasp-wash_dc_va mailing list
Owasp-wash_dc_va@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-wash_dc_va
[prev in list] [next in list] [prev in thread] [next in thread]