The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
We are very proud to announce a new version of SAMM!
This beta release of SAMM version 2.0 is the result of hard work including workshops, and input from practitioners and the OWASP community during summits in Europe and the US.
OWASP SAMM is an open source software assurance model and we consider the contributions from the community vital. Be a part of the summer release of version 2.0 by sending your feedback on the structure and content of the proposed maturity model.
Best wishes for 2019, we are looking forward to another exciting year!
As announced in the last OWASP Connector, December 2018, we are striving to make OWASP the foundation you expect it to be. Some changes will be more visible than others.
First of all, we have been able to contract Mike McCamon as Interim Executive Director. Please find information about Mike further down in this Connector.
In this path, you have received an invitation for the OWASP Membership Survey, the results of which will be presented during the first public OWASP BoD meeting, January 23rd. For those who are following the public board meetings, as we have moved to Zoom for online meetings, the new meeting details will be updated as soon as possible.
Last but not least, please mark your agendas for the first global conference, the Global AppSec Tel Aviv, May 26th to 30th.
Chairman of the Board
OWASP FOUNDATION ANNOUNCEMENTS:
Announcing Interim Executive Director Mike McCamon
In November Karen Staley chose to pursue other opportunities and the Board has contracted with Mike McCamon as an Interim Executive Director for OWASP. He started this role just after the New Year.
Mike has a long and distinguished reputation in the technology, standards, and nonprofit industries for consensus building, growth, and professionalism. He was the inaugural Executive Director for the Bluetooth Special Interest Group whose team put that initiative on the road to mainstream ubiquity. More recently he served on the leadership team that launched Matt Damon’s Water.org, a nonprofit that brings water and sanitation projects to the most vulnerable in the developing world. He is a seasoned technology executive also having led teams at companies like Apple, Intel, Iomega, and SpiderOak.
Over the coming weeks, Mike will be working with the Board along with Project and Chapter Leaders to chart the future of OWASP. At its core, the mission of OWASP is more timely and relevant than ever and we should all be hopeful and energetic about our prospects for the future. His email is firstname.lastname@example.org
SAVE THE DATE:
May 26-30, 2019
Global AppSec Tel Aviv 2019 at David InterContinental Tel Aviv, Israel
You may also be interested in one of our other affiliated events:
The OWASP Internet of Things Project was started in 2014 as a way to help Developers, Manufacturers, Enterprises, and Consumers make better decisions regarding the creation and use of IoT systems. This continues today with the 2018 release of the OWASP IoT Top 10, which represents the top ten things to avoid when building, deploying or managing IoT systems. The primary theme for the 2018 OWASP Internet of Things Top 10 is simplicity. Rather than having separate lists for risks vs. threats vs. vulnerabilities—or for developers vs. enterprises vs. consumers—the project team elected to have a single, unified list that captures the top things to avoid when dealing with IoT Security.
The team recognized that there are now dozens of organizations releasing elaborate guidance on IoT Security—all of which are designed for slightly different audiences and industry verticals. We thought the most useful resource we could create is a single list that addresses the highest priority issues for manufacturers, enterprises, and consumers at the same time.
This is the fifth major release this year and was a wonderful collaboration with the user community and partnership with both Kenna Security and Micro Focus Fortify, both of whom supported the Dependency-Track project’s efforts to provide native integration capabilities with their platforms. Special thanks to Ed Bellis (Kenna) and Scott Johnson (Fortify) and their respective teams.
There’s a ton of other new stuff in this release as well, including native support for NuGet and PyPI repositories for outdated version identification, improvements to Docker performance and configuration capabilities, and overall refinements and bug fixes.