[SAMM] Changes for the next SAMM version

1 view
Skip to first unread message

fabian....@optimabit.com

unread,
Aug 17, 2011, 6:48:12 AM8/17/11
to sa...@lists.owasp.org
Hello list,

I've been following the discussion about SAMM 1.1 vs. SAMM 2.0 and I was
wondering:

1. is there a list of changes for that new version and if so, where
could I view them?
2. who is responsible for managing the change process? I guess Mr.
Chandra?
3. since there is only one SEP on the website, are the changes stored
somewhere else?
4. are the SEPs actually being used or has that concept been abandoned?

Best wishes,
Fabian Streitel

_______________________________________________
SAMM mailing list
SA...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/samm

Pravir Chandra

unread,
Aug 22, 2011, 4:58:20 AM8/22/11
to sa...@lists.owasp.org
So, to answer your questions:

1) All the changes will be tracked through the Google code issue tracker
(http://code.google.com/p/opensamm/). I have a decent size list of
changes that I still need to post up there and will do so this week.
Others are greatly encouraged to add anything they think is relevant to
the issue tracker (we'll go through and triage, de-duplicate, etc., so
feel free to fire away).

2) Yes, I think I'll be the point-person on coordinating the next
release, but I'll gladly accept anyone's help with the writing, changes,
or any other part of the production process.

3) Yeah, I'll fix the website since the SEP as a concept is still OK,
it's just that we're going to track it all in the Google code site as
opposed to the more free-form wordpress page madness. Like I said, by
end of week, I'll put up everything I know about (and post about it
here and/or on the opensamm.org site)

4) Issue tracker will be the main mechanism for feedback and changes
going forward. I still like the SEP concept to ensure we have good
justification for structural changes to the model, but all this can be
more easily captured in the issue tracker.


p.

Christian Heinrich

unread,
Aug 27, 2011, 9:17:48 PM8/27/11
to Software Assurance Maturity Model (SAMM)
Pravir,

On Mon, Aug 22, 2011 at 6:58 PM, Pravir Chandra <cha...@owasp.org> wrote:
> So, to answer your questions:
>
> 1) All the changes will be tracked through the Google code issue tracker
> (http://code.google.com/p/opensamm/). I have a decent size list of
> changes that I still need to post up there and will do so this week.
> Others are greatly encouraged to add anything they think is relevant to
> the issue tracker (we'll go through and triage, de-duplicate, etc., so
> feel free to fire away).
>
> 2) Yes, I think I'll be the point-person on coordinating the next
> release, but I'll gladly accept anyone's help with the writing, changes,
> or any other part of the production process.
>
> 3) Yeah, I'll fix the website since the SEP as a concept is still OK,
> it's just that we're going to track it all in the Google code site as
> opposed to the more free-form wordpress page madness. Like I said, by
> end of week, I'll put up everything I know about (and post about it
> here and/or on the opensamm.org site)
>
> 4) Issue tracker will be the main mechanism for feedback and changes
> going forward. I still like the SEP concept to ensure we have good
> justification for structural changes to the model, but all this can be
> more easily captured in the issue tracker.

I have started the lodge the differences with BSIMM to
http://code.google.com/p/opensamm/issues/list for the “Education and
Guidance” Security Practice of OpenSAMM based on
http://cmlh.id.au/post/1501070970/bsammbo-gov-training

Can you let me know if there is enough or too little information so I
can add the others listed within http://cmlh.id.au/tagged/bsammbo?

Also, what is the date when this process will close and the next
release is prepared?


--
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

Christian Heinrich

unread,
Sep 3, 2011, 8:54:12 PM9/3/11
to Software Assurance Maturity Model (SAMM)
Pravir,

On Sun, Aug 28, 2011 at 11:17 AM, Christian Heinrich
<christian...@owasp.org> wrote:
> I have started the lodge the differences with BSIMM to
> http://code.google.com/p/opensamm/issues/list for the “Education and
> Guidance” Security Practice of OpenSAMM based on
> http://cmlh.id.au/post/1501070970/bsammbo-gov-training
>
> Can you let me know if there is enough or too little information so I
> can add the others listed within http://cmlh.id.au/tagged/bsammbo?

I have lodged all the issues as noted within http://cmlh.id.au/search/bsammbo

Reply all
Reply to author
Forward
0 new messages