
Summit 2011 Working Sessions

Revision as of 10:18, 5 February 2011 by Paulo Coimbra (talk | contribs)


WORK IN PROGRESS

Each working session below lists its objective(s), outcome(s)/deliverable(s), owner/leader and members/attendees.

Risk Metrics
Objectives:
  1. Quantify business criticality of a deployed application
  2. Translate technical risks into business risks (speak the language of management)
  3. Translate technical risk into approximate financial risk
Outcomes / Deliverables:
  1. Paper describing definitions and formula for determining business criticality
  2. Paper translating technical language and risks into business language and monetary risk
Owner/Leader: Chris Wysopal
Members/Attendees: Tony UcedaVelez, Eoin Keary, Sherif Koussa, Konstantinos Papapanagiotou, Vishal Garg, Mateo Martinez, Mikko Saario, Ofer Maor, Nuno Loureiro, Wojciech Dworakowski, Tobias Gondrom, Juan Jose Rider, Alexandre Miguel Aniceto

Tools Interoperability (Data Instrumentation)
Objectives:
  1. Defining consuming and instrumental tools data
Outcomes / Deliverables:
  1. A standard schema for describing application security risks of all types, with a place for all relevant information, whether derived statically, dynamically, manually, or architecturally.
Owner/Leader: Dinis Cruz
Members/Attendees: Stefano Di Paola, Dan Cornell, Jeremy Long, Paolo Perego, Sherif Koussa

Metrics and Labeling
Objectives:
  1. Discuss positive security properties that should be tracked
  2. Discuss options for consumer-friendly labeling
  3. Discuss ways to encourage participation in risk labeling
Outcomes / Deliverables:
  1. White paper sketching out a standard for a software security label and a plan to finalize the standard.
Owner/Leader: Chris Eng
Members/Attendees: Vishal Garg, Doug Wilson, Alexandre Miguel Aniceto

Counting and scoring application security defects
Objectives:
  1. Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.
  2. Discuss advantages and disadvantages of a standardized approach.
  3. Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.
Outcomes / Deliverables:
  1. White paper sketching out a standard for rating risks that accommodates individual minor defects all the way through architectural flaws (which may represent many individual defects).
Owner/Leader: Chris Eng, Chris Wysopal, Jason Taylor
Members/Attendees: Justin Clarke, Sherif Koussa, Vishal Garg, Matteo Meucci, Elke Roth-Mandutz, Mateo Martinez, Doug Wilson, Ofer Maor, Wojciech Dworakowski, Alexandre Miguel Aniceto

Measuring SDLC process performance
Objectives:
  1. Determine which SDLC activities correlate with more secure software
  2. Determine how to measure the performance of these activities
Outcomes / Deliverables:
  1. Paper describing the SDLC activities that matter and measurement techniques for their performance
Owner/Leader: Chris Wysopal, Chris Eng, Eoin Keary
Members/Attendees: Nishi Kumar, L. Gustavo C. Barbato, Jason Taylor, Matthew Chalmers, Justin Clarke, Seba Deleersnyder, Sherif Koussa, Vishal Garg, Giorgio Fedon, Ofer Maor, Nuno Loureiro, Tobias Gondrom

Common structure and numbering for all guides
Objectives:
  1. Discuss and review current document project structures and key elements.
  2. Review the proposal to align to ASVS and discuss whether the current version of ASVS provides an adequate baseline.
  3. Review other options for structure and numbering.
  4. Develop a draft structure and numbering plan.
  5. Discuss any dependencies which may exist, such as common nomenclature and definitions.
Outcomes / Deliverables:
  1. A written recommendation for a unified category and numbering system for applicable document projects.
  2. Agreement from applicable document project leaders to adopt the finalized version of the system.
  3. An implementation plan discussing when projects will implement the new system.
Owner/Leader: Keith Turpin, Matteo Meucci, Vishal Garg, Lucas C. Ferreira
Members/Attendees: Vlatko Kosturjak

Creating a unified "finding"
Owner/Leader: Dinis Cruz
Members/Attendees: Abraham Kang