This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Working Sessions Defining Application Security Metrics"

From OWASP
Jump to: navigation, search
(Created page with '[http://www.owasp.org/index.php/Summit_2011 ''' Global Summit 2011 Home Page''']<br> [http://www.owasp.org/index.php/Summit_2011_Schedule ''' Global Summit 2011 Schedule''']<br> …')
 
 
Line 1: Line 1:
[http://www.owasp.org/index.php/Summit_2011 ''' Global Summit 2011 Home Page''']<br>
+
#REDIRECT [[Summit_2011_Working_Sessions/Session055]]
[http://www.owasp.org/index.php/Summit_2011_Schedule ''' Global Summit 2011 Schedule''']<br>
 
[http://www.owasp.org/index.php/Summit_2011_Working_Sessions ''' Global Summit 2011 Working Sessions''']
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(179, 179, 179); color: white;" | <font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].</font>
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION IDENTIFICATION'''</font>
 
|-
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Work Session Name'''
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <font color="black"><span style="font-weight: bold;">Defining Application Security Metrics</span></font>
 
|-
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Short Work Session Description'''
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome.  For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure?  How can we measure them?  How can we use these application security metrics to drive towards low application risk.  It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little.  Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance.  This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.<br>
 
|-
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Related Projects (if any)'''
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Email Contacts &amp; Roles'''
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Chair'''<br> [mailto:[email protected] '''Dinis Cruz''']<br> [mailto:[email protected] '''Justin Clarke''']
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Secretary'''<br>
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Mailing list'''<br>[http://www.owasp.org/index.php/Summit_2011#tab=How_Do_I_Join.3F_.2F_Mailing_list '''Subscription Page''']
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION SPECIFICS'''</font>
 
|-
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Objectives'''
 
| align="left" colspan="6" style="width: 85%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <font color="black"></font><font color="black"></font><font color="black">
 
</font>
 
 
 
|-
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | '''Venue/Date&amp;Time/Model'''
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Venue'''<br>[http://www.owasp.org/index.php/Summit_2011 OWASP Global Summit Portugal 2011]
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" |
 
'''Date&amp;Time'''
 
 
 
| align="center" style="width: 25%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Discussion Model'''<br>"Participants + Attendees"
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% white; color: white;" | <font color="black"></font> <br>
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''</font>
 
|-
 
| align="center" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | Projector, whiteboards, markers, Internet connectivity, power
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% white; color: white;" | <font color="black"></font> <br>
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="7" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | <font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''</font>
 
|-
 
| align="left" style="width: 100%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" |
 
*'''Related resources:'''
 
*'''Frameworks to invite:'''
 
 
 
|}
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" colspan="3" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''WORKING SESSION OUTCOMES'''
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(108, 130, 181);" | Statements, Initiatives or Decisions
 
| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(179, 179, 179);" | '''Proposed by Working Group'''
 
| align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(179, 179, 179);" | '''Approved by OWASP Board'''
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
 
| align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | After the Board Meeting - fill in here.
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 46%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
 
| align="center" style="width: 47%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | After the Board Meeting - fill in here.
 
|}
 
 
 
== Working Session Participants  ==
 
 
 
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
 
 
 
 
 
{| border="0" align="center" style="width: 100%;"
 
|-
 
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="7" | <font color="white">'''WORKING SESSION PARTICIPANTS'''</font>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Name'''
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Company'''
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | '''Notes &amp; reason for participating, issues to be discussed/addressed'''
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|-
 
| align="center" style="width: 7%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 15%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
| align="center" style="width: 63%; background: none repeat scroll 0% 0% rgb(204, 204, 204);" | <br>
 
|}
 
 
 
If needed add here more lines.
 
 
 
[[Category:OWASP_Working_Session]]
 
[[Category:Summit_2011]]
 

Latest revision as of 12:12, 19 December 2010

Redirect to:

Retrieved from "https://wiki.owasp.org/index.php?title=Working_Sessions_Defining_Application_Security_Metrics&oldid=97102"