Difference between revisions of "Category:OWASP Application Security Metrics Project"

From OWASP
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[http://s1.shard.jp/frhorton/8vpfwob3s.html pbsafrica
+
==== Main ====
] [http://s1.shard.jp/olharder/autoroll-654.html links] [http://s1.shard.jp/olharder/michigan-auto.html gamewinners.com play station 2 grandtheftautovicecity.htm
+
 
] [http://s1.shard.jp/losaul/australian-photography.html australia fishing championship
+
] [http://s1.shard.jp/frhorton/xy928lwhl.html south african zulu tribe
+
] [http://s1.shard.jp/olharder/autopsy-picture.html autopsy picture of tupac shakur] [http://s1.shard.jp/frhorton/y8fj1syi7.html gay man south africa
+
] [http://s1.shard.jp/losaul/palm-treo-australia.html golf holiday australia
+
] [http://s1.shard.jp/bireba/symantec-antivirus.html what is antivirus program
+
] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/losaul/australia-bank-fee.html australian meals made through the gold rush
+
] [http://s1.shard.jp/olharder/best-way-auto-care.html auction auto parkville
+
] [http://s1.shard.jp/galeach/new87.html 4 asian girl life myspace.com site] [http://s1.shard.jp/galeach/new141.html caucasian ovtcharka breeders
+
] [http://s1.shard.jp/losaul/job-search-cairns.html phillips lighting australia
+
] [http://s1.shard.jp/bireba/computer-associates.html i run my antivirus and the computer shuts down
+
] [http://s1.shard.jp/frhorton/2i2g9o8vi.html african american books for children
+
] [http://s1.shard.jp/olharder/automobile-accident.html coffee maker with auto shut off
+
] [http://s1.shard.jp/bireba/grisoft-antivirus.html download norton antivirus 2005 full software
+
] [http://s1.shard.jp/losaul/digital-broadcasting.html australia map new zealand
+
] [http://s1.shard.jp/olharder/premium-autoboomru.html auto carl caspers show
+
] [http://s1.shard.jp/losaul/australia-installation.html artificial lawn australia
+
] [http://s1.shard.jp/bireba/antivirus-check.html antivirus realtime protection failed to load
+
] [http://s1.shard.jp/bireba/antivirus-firewall.html antivirus firewall software] [http://s1.shard.jp/bireba/macintosh-antivirus.html avast antivirus pro serial
+
] [http://s1.shard.jp/olharder/ch-futterautomat.html auto expo 2004
+
] [http://s1.shard.jp/losaul/professionals.html professionals real estate western australia] [http://s1.shard.jp/losaul/police-federation.html time difference australia
+
] [http://s1.shard.jp/olharder/auto-emissions-test.html auto rental hunters edmonton
+
] [http://s1.shard.jp/bireba/noton-antivirus.html corporate antivirus software review
+
] [http://s1.shard.jp/galeach/new167.html asian american family counseling center houston
+
] [http://s1.shard.jp/losaul/desert-map-of-australia.html australian open womens final winner
+
] [http://s1.shard.jp/bireba/norton-antivirus.html mac affee antivirus
+
] [http://s1.shard.jp/losaul/australian-bull.html australian in the olympics in badminton
+
] [http://s1.shard.jp/frhorton/kqcuriisf.html somalia africa
+
] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/olharder/automate-552.html automation laboratory robotics
+
] [http://s1.shard.jp/losaul/australian-census.html melbourne australia accommodation
+
] [http://s1.shard.jp/olharder/auto-copart-sale.html auto copart sale] [http://s1.shard.jp/galeach/new142.html 0824519957 amazon.com asian exec obidos
+
] [http://s1.shard.jp/losaul/australian-motorsportbiz.html australian motorsport.biz] [http://s1.shard.jp/frhorton/lr43ii5kv.html struggles of african americans
+
] [http://s1.shard.jp/bireba/norton-antivirus.html semantic antivirus software
+
] [http://s1.shard.jp/frhorton/9df15nbui.html african writer series
+
] [http://s1.shard.jp/frhorton/tulkpyc4u.html african orchids impatients
+
] [http://s1.shard.jp/losaul/australian-journal.html australian journal of rural health] [http://s1.shard.jp/galeach/new128.html anastasia hotel protaras cyprus
+
] [http://s1.shard.jp/bireba/avg-antivirus.html asquared antivirus
+
] [http://s1.shard.jp/olharder/autofill-slush.html auto accessory catalogs
+
] [http://s1.shard.jp/olharder/autoroll-654.html link] 
+
 
== Welcome to the Application Security Metrics Security Project ==
 
== Welcome to the Application Security Metrics Security Project ==
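Review bot: the s1.shard.jp links removed from the top of the old revision carry anchor text unrelated to the project, the usual pattern of injected link spam, so cleaning this one page leaves the host free to be re-added here or elsewhere. Check the 11 intermediate revisions for the account that inserted the block, look for the same host on other pages, and add it to the wiki's external-link blocklist.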
  
Line 46: Line 8:
 
== Project Guiding Principles: ==
 
== Project Guiding Principles: ==
  
The Application Security Metrics Security Project Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.
+
The Application Security Metrics Security Project Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.
 
    
 
    
 
* Effective security metrics have proven to be challenging to develop.  As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
 
* Effective security metrics have proven to be challenging to develop.  As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
 
    
 
    
* Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
+
* Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
  
* In selecting best practice metrics, make use of high-level filters.  For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?"
+
* In selecting best practice metrics, make use of high-level filters.  For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?"
  
* Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives.”
+
* Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives.
  
 
Comments to the editor or endorsements are welcome.
 
Comments to the editor or endorsements are welcome.
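Review bot: the rewritten "Link each metric" bullet drops the stray closing quote but still never closes the parenthesis opened at "(e.g.,", so the sentence ends inside the aside; end it with "objectives).". The intro line keeps the doubled word in "Security Project Project’s" on both sides of the diff and could have been corrected while the line was being touched.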
Line 60: Line 22:
 
== Project Scope: ==
 
== Project Scope: ==
  
In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.
+
In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.
  
 
* [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre]
 
* [http://www.attrition.org/pipermail/vim/attachments/20060914/42b97c1d/attachment-0001.obj Metrics on reported flaws from Mitre]
Line 74: Line 36:
 
Project Lead:
 
Project Lead:
 
   
 
   
* Bob Austin of KoreLogic Security.  He can be reached at austinb@korelogic.com.  
+
* Jeff Barto.  He can be reached at jeffrey.barto[at]ubs.com
  
 
Contributors:
 
Contributors:
Line 81: Line 43:
 
* James McGovern, The Hartford
 
* James McGovern, The Hartford
  
 +
==== Project Identification ====
 +
[[Category:OWASP Project|Application Security Metrics Project]]
 +
[[Category:OWASP Document]]
 +
[[Category:OWASP Alpha Quality Document]]
 +
 +
{{Template:OWASP Project Identification Tab
 +
| project_name = OWASP Application Security Metrics Project
 +
| project_description = This Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfil unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline
 +
| leader_name = Jeff Barto
 +
| leader_email = jeffrey.barto@ubs.com
 +
| leader_username =
 +
| maintainer_name =
 +
| maintainer_email =
 +
| maintainer_username =
 +
| contributor_name1 =
 +
| contributor_email1 =
 +
| contributor_username1 =
 +
| contributor_name2 =
 +
| contributor_email2 =
 +
| contributor_username2 =
 +
| contributor_name3 =
 +
| contributor_email3 =
 +
| contributor_username3 =
 +
| contributor_name4 =
 +
| contributor_email4 =
 +
| contributor_username4 =
 +
| contributor_name5 =
 +
| contributor_email5 =
 +
| contributor_username5 =
 +
| contributor_name6 =
 +
| contributor_email6 =
 +
| contributor_username6 =
 +
| contributor_name7 =
 +
| contributor_email7 =
 +
| contributor_username7 =
 +
| contributor_name8 =
 +
| contributor_email8 =
 +
| contributor_username8 =
 +
| contributor_name9 =
 +
| contributor_email9 =
 +
| contributor_username9 =
 +
| contributor_name10 =
 +
| contributor_email10 =
 +
| contributor_username10 = 
 +
| pamphlet_link =
 +
| mailing_list_name = owasp-metrics
 +
| links_url1 =
 +
| links_name1 =
 +
| links_url2 =
 +
| links_name2 =
 +
| links_url3 =
 +
| links_name3 =
 +
| links_url4 =
 +
| links_name4 =
 +
| links_url5 =
 +
| links_name5 =
 +
| links_url6 =
 +
| links_name6 =
 +
| links_url7 =
 +
| links_name7 =
 +
| links_url8 =
 +
| links_name8 =
 +
| links_url9 =
 +
| links_name9 =
 +
| links_url10 =
 +
| links_name10 =
 +
| project_road_map =
 +
| project_health_status =
 +
| current_release_name = First Release
 +
| current_release_date =
 +
| current_release_download_link =
 +
| current_release_rating =
 +
| current_release_leader_name =
 +
| current_release_leader_email =
 +
| current_release_leader_username =
 +
| last_reviewed_release_name =
 +
| last_reviewed_release_date =
 +
| last_reviewed_release_download_link =
 +
| last_reviewed_release_rating =
 +
| last_reviewed_release_leader_name =
 +
| last_reviewed_release_leader_email =
 +
| last_reviewed_release_leader_username =
 +
| old_release_name1 =
 +
| old_release_date1 =
 +
| old_release_download_link1 =
 +
| old_release_name2 =
 +
| old_release_date2 =
 +
| old_release_download_link2 =
 +
| old_release_name3 =
 +
| old_release_date3 =
 +
| old_release_download_link3 =
 +
| old_release_name4 =
 +
| old_release_date4 =
 +
| old_release_download_link4 =
 +
| old_release_name5 =
 +
| old_release_date5 =
 +
| old_release_download_link5 =
 +
}}
  
[[Category:OWASP Project]]
+
__NOTOC__
 +
<headertabs/>
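Review bot: leader_email in the added template is set to the plain address jeffrey.barto@ubs.com, while the Project Lead bullet changed in this same revision writes it as jeffrey.barto[at]ubs.com; if the obfuscated form is meant to limit address harvesting, the template value undoes it, so use one form in both places. contributor_name1 is also left empty although the Contributors list in the page body names James McGovern, and project_description ends without a full stop.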

Revision as of 12:51, 31 August 2009

Main

Welcome to the Application Security Metrics Security Project

This OWASP Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfill unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.

Project Guiding Principles:

The Application Security Metrics Security Project’s Guiding Principles were created in order to express the intentions of its contributors when designing application security metrics.

  • Effective security metrics have proven to be challenging to develop. As such, provide a means for the OWASP community to initially leverage what others have developed and find useful (i.e., provide the OWASP community useful metrics in use today).
  • Where practical, attempt to “standardize” nomenclature with other security metrics initiatives such as securitymetrics.org, Systems Security Engineering Capability Maturity Model (SSE-CMM), etc.
  • In selecting best practice metrics, make use of high-level filters. For example, use Dr. Dan Geer’s decision support mantra regarding security metrics: “How would that proposed measure advance appropriate decision making?”
  • Link each metric to the business driver for the metric (e.g., Metric “X” helps support regulatory compliance and risk management objectives).

Comments to the editor or endorsements are welcome.

Project Scope:

In keeping with OWASP’s mission, this project will focus primarily on application security metrics. Below are some resources with information on application security metrics.


Feedback and Participation:

We hope you find the OWASP Application Security Metrics Project useful. Please contribute to the Project by volunteering for one of the Tasks or by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Application Security Metrics Project mailing list or view the archives, please visit the subscription page.

Project Contributors:

If you contribute to this Project, please add your name here.

Project Lead:

  • Jeff Barto. He can be reached at jeffrey.barto[at]ubs.com

Contributors:

  • Cliff Barlow, KoreLogic Security
  • James McGovern, The Hartford

Project Identification


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Application Security Metrics Project

Purpose: This Project will first identify and provide the OWASP community a set of application security metrics that have been found by contributors to be effective in measuring application security. This will be followed by the development of new metrics that build on the initial metrics foundation to fulfil unmet metrics requirements. The goals of this Project are to make a baseline set of application security metrics available to the OWASP community and subsequently to provide a forum for the community to contribute metrics back into the baseline.

License: N/A

who is working on this project?
Project Leader: Jeff Barto

Project Maintainer:

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links: N/A

Project Health: Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Jeff Barto to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
First Release - Unknown Date - (no download available)

Release Leader: N/A

Release details: N/A

Rating: Not Reviewed
To be reviewed under Assessment Criteria v2.0


