Thursday, January 31, 2019

New Version of SAMM

We are very proud to announce a new version of SAMM!
This beta release of SAMM version 2.0 is the result of hard work including workshops, and input from practitioners and the OWASP community during summits in Europe and the US.
OWASP SAMM is an open source software assurance model and we consider the contributions from the community vital. Be a part of the summer release of version 2.0 by sending your feedback on the structure and content of the proposed maturity model.
The feedback period ends on 24-Feb-2019. Please, read our notes on how to provide feedback.

Thank you, Kind regards, The SAMM project team

Friday, January 18, 2019

Call for CFT and CFP for Global AppSec Tel Aviv 2019

Call for Trainers -Deadline Feb. 16th 

Call for Papers -Deadline April 10th

Thursday, January 17, 2019

January 2019 Connector

January 2019


Letter from the Chairman:

Dear OWASP Community,

Best wishes for 2019, we are looking forward to another exciting year! 

As announced in the last OWASP Connector, December 2018, we are striving to make OWASP the foundation you expect it to be.  Some changes will be more visible than others.

First of all, we have been able to contract Mike McCamon as Interim Executive Director.  Please find information about Mike further down in this Connector.
In this path, you have received an invitation for the OWASP Membership Survey, the results of which will be presented during the first public  OWASP BoD meeting, January 23rd. For those who are following the public board meetings, as we have moved to Zoom for online meetings, the new meeting details will be updated soon possible.

Last but not least, please mark your agendas for the first global conference, the Global AppSec Tel Aviv, May 26th to 30th.

Kind regards,
Martin Knobloch
Chairman of the Board


Announcing Interim Executive Director Mike McCamon

In November Karen Staley chose to pursue other opportunities and the Board has contracted with Mike McCamon as an Interim Executive Director for OWASP. He started this role just after the New Year.

Mike has a long and distinguished reputation in the technology, standards, and nonprofit industries for consensus building, growth, and professionalism. He was the inaugural Executive Director for the Bluetooth Special Interest Group whose team put that initiative on the road to mainstream ubiquity. More recently he served on the leadership team that launched Matt Damon’s, a nonprofit that brings water and sanitation projects to the most vulnerable in the developing world. He is a seasoned technology executive also having led teams at companies like Apple, Intel, Iomega, and SpiderOak.

Over the coming weeks, Mike will be working with the Board along with Project and Chapter Leaders to chart the future of OWASP. At its core, the mission of OWASP is more timely and relevant than ever and we should all be hopeful and energetic about our prospects for the future. His email is 


May 26-30, 2019 
Global AppSec Tel Aviv 2019 at 
David InterContinental Tel Aviv, Israel  


You may also be interested in one of our other affiliated events:


Event Date Location
AppSec California 2019 January 22- 25, 2019 Santa Monica, CA
OWASP New Zealand Day February 21-22, 2019 Auckland, New Zealand
OWASP Seasides February 27-28, 2019 GOA, India
Snow FROC 2019 March 14, 2019 Cable Center Denver, CO



Event Date Location
BSides Cairo Security Day February 1-2, 2019 Cairo, Egypt
QuBit Conference Belgrade February 7, 2019 Belgrade, Serbia
Day of Shecurity 2019 February 22, 2019 Boston, MA
Cyber Security for Critical Assets USA 2019 February 26-27, 2019 Houston, TX
QuBit Conference Prague April 10-11, 2019 Prague
Cyber Security and Cloud Expo Global April 25-26, 2019 London
IoT Tech Expo Global April 25-26, 2019 London
Hack in Paris 2019 June 16-20, 2019 Paris
Cyber Security and Cloud Expo Europe June 19-20, 2019 Amsterdam
IoT Tech Expo Europe June 19-20, 2019 Amsterdam


The following projects had new releases recently:

OWASP Internet of Things Top 10 for 2018 
Project Leaders: Daniel Miessler and Craig Smith

The OWASP Internet of Things Project was started in 2014 as a way help Developers, Manufacturers, Enterprises, and Consumers to make better decisions regarding the creation and use of IoT systems. This continues today with the 2018 release of the OWASP IoT Top 10, which represents the top ten things to avoid when building, deploying or managing IoT systems. The primary theme for the 2018 OWASP Internet of Things Top 10 is simplicity. Rather than having separate lists for risks vs. threats vs. vulnerabilities—or for developers vs. enterprises vs. consumers—the project team elected to have a single, unified list that captures the top things to avoid when dealing with IoT Security. 
The team recognized that there are now dozens of organizations releasing elaborate guidance on IoT Security—all of which are designed for slightly different audiences and industry verticals. We thought the most useful resource we could create is a single list that addresses the highest priority issues for manufacturers, enterprises, and consumers at the same time. 

Dependency-Track v3.4 released
Project Leader: Steve Springett      

This is the fifth major release this year and was a wonderful collaboration with the user community and partnership with both Kenna Security and Micro Focus Fortify, both of whom supported the Dependency-Track project’s efforts to provide native integration capabilities with their platforms. Special thanks to Ed Bellis (Kenna) and Scott Johnson (Fortify) and their respective teams. 

There’s a ton of other new stuff in this release as well including native support for NuGet and Pypi repositories for outdated version identification, improvements to Docker performance and configuration capabilities, and overall refinements and bug fixes. 


In addition please welcome to Incubator status the following new projects:
OWASP Serverless Goat by Ory Segal
OWASP DVSA by Tal Melamed
OWASP  API Security (Restart) by Erez Yalon
OWASP Blockchain Security Framework by  Deepak Pandey



Waterloo, Canada
Suffolk, UK
Buffalo, NY
Little Rock, AR
Memphis, TN
Miami, Florida
San Fernando Valley, CA 
OWASP Mentor and Mentee Program sponsored by WIA

OWASP Community encourages interested mentors and mentees to share your interest via the following Mentor and Mentee form.

Any question, please contact


We welcome the following Contributor Corporate Members

Contributor Corporate Members

Join us
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, # 232
Bel Air, MD 21014  
Fax: 1-443-283-4021
Contact Us  

This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences