[SAMM] SAMM 1+

[Colin Watson]

Hello Pravir

You mentioned there were some items that needed to be completed to
release the next version of SAMM. What help do you need?

I was wondering if SAMM 1.1" might be better than "SAMM 2.0" for these reasons:

- it shows that this isn't a huge change
- it indicates that 1.0 was "near prefect" the first time
- we avoid the version number arms race
- means we don't have to worry about getting to silly numbers like v25
in the near future

but would be interested to hear other people's views on this list.

Colin
_______________________________________________
SAMM mailing list
SA...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/samm

[Christian Heinrich]

Colin,

This would be depend on how to differentiate with http://bsimm.com/ i.e. BSIMM2

Another consideration would be if any *new* "Business Functions" or
"Security Practices" that are added in the next release are backwards
compatible with v1.0.

--
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

[Seba]

I also prefer SAMM 1.1, assuming the changes will be small

--Seba

[Pravir Chandra]

I'm definitely inclined to agree with a 1.1 version number instead of a
2.0 since the main changes that we identified for the next version all
consisted of minor updates or additions of newer material that was more
descriptive. Most of those changes were listed out at the OWASP Summit
at the beginning of the year and I've got them in my notes. Knowing that
doesn't help anyone that wants to volunteer some effort, I set up an
Issue Tracker on Google Code for the OpenSAMM project to make it easy
for people to add requests or file "bugs". It's here:

http://code.google.com/p/opensamm/

Please feel free to go through any individual lists of changes that you
have an add them, I'll do the same this week while I'm on the road and
we can have a near complete list of to-do's for 1.1 by next week I think.

p.