Category:OWASP Application Security Metrics Project

Welcome to the Application Security Metrics Security Project
This OWASP Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfill unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.

Project Guiding Principles:
The Application Security Metrics Security Project's Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.
 * Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
 * Where practical, attempt to "standardize" nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
 * In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer's decision support mantra regarding security metrics: "How would that proposed measure advance appropriate decision making?"
 * Link each metric to the business driver for the metric (e.g., "Metric 'X' helps support regulatory compliance and risk management objectives.").

Comments to the editor or endorsements are welcome.

Project Scope:
In keeping with OWASP's mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.


 * Metrics on reported flaws from Mitre

Feedback and Participation:
We hope you find the OWASP Application Security Metrics Project useful. Please contribute to the Project by volunteering for one of the Tasks or by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Application Security Metrics Project mailing list or view the archives, please visit the subscription page.

Project Contributors:
If you contribute to this Project, please add your name here.

Project Lead:
 * Bob Austin of KoreLogic Security. He can be reached at austinb@korelogic.com.

Contributors:


 * Cliff Barlow, KoreLogic Security
 * James McGovern, The Hartford