Difference between revisions of "Category:OWASP Application Security Metrics Project"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
Line 1: Line 1:
 
 
== Welcome to the Application Security Metrics Security Project ==
 
== Welcome to the Application Security Metrics Security Project ==
  
Line 7: Line 6:
 
== Project Guiding Principles: ==
 
== Project Guiding Principles: ==
  
The Application Security Metrics Security Project Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.
+
The Application Security Metrics Security Project Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.
 
    
 
    
 
* Effective security metrics have proven to be challenging to develop.  As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
 
* Effective security metrics have proven to be challenging to develop.  As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
 
    
 
    
* Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
+
* Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
  
* In selecting best practice metrics, make use of high-level filters.  For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?"
+
* In selecting best practice metrics, make use of high-level filters.  For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?"
  
* Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives.”
+
* Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives.
  
 
Comments to the editor or endorsements are welcome.
 
Comments to the editor or endorsements are welcome.
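Review bot: in the last bullet of this hunk ("Link each metric to the business driver for the metric"), the parenthesis opened at "(e.g.," is never closed in either version of the line, and the two versions differ only in the trailing ” after "objectives." Close the parenthesis and drop the stray quotation mark so the bullet ends "(e.g., Metric “X” helps support regulatory compliance and risk management objectives)."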
Line 21: Line 20:
 
== Project Scope: ==
 
== Project Scope: ==
  
In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.
+
In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.
  
 
* [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre]
 
* [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre]

Revision as of 13:00, 29 May 2009


Welcome to the Application Security Metrics Security Project

This OWASP Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfill unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.

Project Guiding Principles:

The Application Security Metrics Security Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.

  • Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
  • Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
  • In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?”
  • Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives).

Comments to the editor or endorsements are welcome.

Project Scope:

In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.


Feedback and Participation:

We hope you find the OWASP Application Security Metrics Project useful. Please contribute to the Project by volunteering for one of the Tasks or by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Application Security Metrics Project mailing list or view the archives, please visit the subscription page.

Project Contributors:

If you contribute to this Project, please add your name here.

Project Lead:

  • Bob Austin of KoreLogic Security. He can be reached at austinb@korelogic.com.

Contributors:

  • Cliff Barlow, KoreLogic Security
  • James McGovern, The Hartford
