Difference between revisions of "Category:OWASP Application Security Metrics Project"
(19 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {| | |
− | + | |- | |
+ | ! width="700" align="center" | <br> | ||
+ | ! width="500" align="center" | <br> | ||
+ | |- | ||
+ | | align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] | ||
+ | | align="right" | | ||
+ | |||
+ | |} | ||
+ | ==== Main ==== | ||
+ | |||
== Welcome to the Application Security Metrics Security Project == | == Welcome to the Application Security Metrics Security Project == | ||
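Review bot: The banner image in the new table is set to 800px but sits in a column whose header cell declares width="700", so the image is wider than the column it is placed in. The second column (width="500") and both header cells carry no content beyond a line break; unless the layout is needed elsewhere, the inactive-project banner could stand on its own line above "==== Main ====" without the table.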
Line 8: | Line 17: | ||
== Project Guiding Principles: == | == Project Guiding Principles: == | ||
− | The Application Security Metrics Security Project | + | The Application Security Metrics Security Project Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics. |
* Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today). | * Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today). | ||
− | * Where practical, attempt to | + | * Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc. |
− | * In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan | + | * In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?" |
− | * Link each metric to the business driver for the metric (e.g., Metric | + | * Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives.” |
Comments to the editor or endorsements are welcome. | Comments to the editor or endorsements are welcome. | ||
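Review bot: The new opening sentence under "Project Guiding Principles" reads "Security Project Project’s", a doubled word; drop one "Project". In the third bullet the Geer quotation opens with a curly quote and closes with a straight one, and in the fourth bullet the parenthesis opened at "(e.g.," is never closed while a closing quote appears with no opening quote; ending the bullet with "objectives)." would balance it.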
Line 22: | Line 31: | ||
== Project Scope: == | == Project Scope: == | ||
− | In keeping with | + | In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics. |
* [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre] | * [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre] | ||
Line 36: | Line 45: | ||
Project Lead: | Project Lead: | ||
− | * | + | * Jeff Barto. He can be reached at jeffrey.barto[at]ubs.com |
Contributors: | Contributors: | ||
Line 43: | Line 52: | ||
* James McGovern, The Hartford | * James McGovern, The Hartford | ||
+ | ==== Project Identification ==== | ||
+ | [[Category:OWASP Project|Application Security Metrics Project]] | ||
+ | [[Category:OWASP Document]] | ||
+ | [[Category:OWASP Alpha Quality Document]] | ||
+ | |||
+ | {{Template:OWASP Project Identification Tab | ||
+ | | project_name = OWASP Application Security Metrics Project | ||
+ | | project_description = This Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfil unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline | ||
+ | | leader_name = Jeff Barto | ||
+ | | leader_email = [email protected] | ||
+ | | leader_username = | ||
+ | | maintainer_name = | ||
+ | | maintainer_email = | ||
+ | | maintainer_username = | ||
+ | | contributor_name1 = | ||
+ | | contributor_email1 = | ||
+ | | contributor_username1 = | ||
+ | | contributor_name2 = | ||
+ | | contributor_email2 = | ||
+ | | contributor_username2 = | ||
+ | | contributor_name3 = | ||
+ | | contributor_email3 = | ||
+ | | contributor_username3 = | ||
+ | | contributor_name4 = | ||
+ | | contributor_email4 = | ||
+ | | contributor_username4 = | ||
+ | | contributor_name5 = | ||
+ | | contributor_email5 = | ||
+ | | contributor_username5 = | ||
+ | | contributor_name6 = | ||
+ | | contributor_email6 = | ||
+ | | contributor_username6 = | ||
+ | | contributor_name7 = | ||
+ | | contributor_email7 = | ||
+ | | contributor_username7 = | ||
+ | | contributor_name8 = | ||
+ | | contributor_email8 = | ||
+ | | contributor_username8 = | ||
+ | | contributor_name9 = | ||
+ | | contributor_email9 = | ||
+ | | contributor_username9 = | ||
+ | | contributor_name10 = | ||
+ | | contributor_email10 = | ||
+ | | contributor_username10 = | ||
+ | | pamphlet_link = | ||
+ | | mailing_list_name = owasp-metrics | ||
+ | | links_url1 = | ||
+ | | links_name1 = | ||
+ | | links_url2 = | ||
+ | | links_name2 = | ||
+ | | links_url3 = | ||
+ | | links_name3 = | ||
+ | | links_url4 = | ||
+ | | links_name4 = | ||
+ | | links_url5 = | ||
+ | | links_name5 = | ||
+ | | links_url6 = | ||
+ | | links_name6 = | ||
+ | | links_url7 = | ||
+ | | links_name7 = | ||
+ | | links_url8 = | ||
+ | | links_name8 = | ||
+ | | links_url9 = | ||
+ | | links_name9 = | ||
+ | | links_url10 = | ||
+ | | links_name10 = | ||
+ | | project_road_map = | ||
+ | | project_health_status = | ||
+ | | current_release_name = First Release | ||
+ | | current_release_date = | ||
+ | | current_release_download_link = | ||
+ | | current_release_rating = | ||
+ | | current_release_leader_name = | ||
+ | | current_release_leader_email = | ||
+ | | current_release_leader_username = | ||
+ | | last_reviewed_release_name = | ||
+ | | last_reviewed_release_date = | ||
+ | | last_reviewed_release_download_link = | ||
+ | | last_reviewed_release_rating = | ||
+ | | last_reviewed_release_leader_name = | ||
+ | | last_reviewed_release_leader_email = | ||
+ | | last_reviewed_release_leader_username = | ||
+ | | old_release_name1 = | ||
+ | | old_release_date1 = | ||
+ | | old_release_download_link1 = | ||
+ | | old_release_name2 = | ||
+ | | old_release_date2 = | ||
+ | | old_release_download_link2 = | ||
+ | | old_release_name3 = | ||
+ | | old_release_date3 = | ||
+ | | old_release_download_link3 = | ||
+ | | old_release_name4 = | ||
+ | | old_release_date4 = | ||
+ | | old_release_download_link4 = | ||
+ | | old_release_name5 = | ||
+ | | old_release_date5 = | ||
+ | | old_release_download_link5 = | ||
+ | }} | ||
− | + | __NOTOC__ | |
+ | <headertabs/> |
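Review bot: In the Project Identification template call, contributor_name1 through contributor_name10 are all left empty although the page body lists James McGovern under Contributors, so the tab and the body will disagree about who contributes. The project_description value also ends without a full stop after "baseline", and current_release_name is set to "First Release" with no date or download link beside it; either fill those fields or leave the release name empty until there is a release to point to.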
Latest revision as of 20:04, 23 January 2014
Main
Welcome to the Application Security Metrics Security Project
This OWASP Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfill unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.
Project Guiding Principles:
The Application Security Metrics Security Project’s Guiding Principles were created to express the intentions of its contributors when designing application security metrics.
- Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
- Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
- In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?”
- Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives).
Comments to the editor or endorsements are welcome.
Project Scope:
In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.
Feedback and Participation:
We hope you find the OWASP Application Security Metrics Project useful. Please contribute to the Project by volunteering for one of the Tasks or by sending your comments, questions, and suggestions to [email protected]. To join the OWASP Application Security Metrics Project mailing list or view the archives, please visit the subscription page.
Project Contributors:
If you contribute to this Project, please add your name here.
Project Lead:
- Jeff Barto. He can be reached at jeffrey.barto[at]ubs.com
Contributors:
- Cliff Barlow, KoreLogic Security
- James McGovern, The Hartford
Project Identification
PROJECT INFO: What does this OWASP project offer you?
RELEASE(S) INFO: What does this OWASP project release offer you?